AOH :: HP Unsorted S :: C07-1371.HTM

SiteCatalyst Web Login Cross Site Vulrnabilities



SiteCatalyst Web Login Cross Site Vulrnabilities
SiteCatalyst Web Login Cross Site Vulrnabilities



Hackers Center Security Group (http://www.hackerscenter.com/) 
Doz's Security Advisory        


Desc: SiteCatalyst Web Login Cross Site Vulrnabilities
Risk: Medium





Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to provide customers access to all of their data in real time.

Login & Search Engines scripts affected

Vendor: www.omniture.com 

Company Email: ir@omniture.com 


Proof of concept:


/search.asp?ss=[XSS]


Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes. We made a research and many big companies are using Omniture products (Microsoft included).


-- HSC Security Group 
http://www.hackerscenter.com 

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.