Home page logo
/

bugtraq logo Bugtraq mailing list archives

[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities
From: DoZ () HackersCenter com
Date: 16 Dec 2006 18:44:20 -0000

Hackers Center Security Group (http://www.hackerscenter.com/)            
Doz's Security Advisory        


Desc: SiteCatalyst Web Login Cross Site Vulrnabilities
Risk: Medium





Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to 
corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps 
clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce 
transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to 
provide customers access to all of their data in real time.

Login & Search Engines scripts affected

Vendor: www.omniture.com

Company Email: ir () omniture com


Proof of concept:


/search.asp?ss=[XSS]


Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes. We made a research 
and many big companies are using Omniture products (Microsoft included).


-- HSC Security Group 
http://www.hackerscenter.com

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com 


  By Date           By Thread  

Current thread:
  • [HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities DoZ (Dec 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault