Computer Security
[EN] securityvulns.ru



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  mxBB Module Meeting <= 1.1.2 (meeting_constants.php) Remote File Include

  mxBB Module Charts <= 1.0.0 (module_root_path) Remote File Include Vulnerability

  mxBB Module WebLinks <= 2.05 (mx_root_path) Remote File Include Vulnerability

  Contra Haber Sistemi v1.0 SqL Injection Vuln.

From: Hackers Center Security Group <DoZ_(at)_hackerscenter.com>
Date: 16.12.2006
Subject: [HSC Security Group] SiteCatalyst Web Login Cross Site Vulnerabilities

Hackers Center Security Group (http://www.hackerscenter.com/)            
Doz's Security Advisory        


Desc: SiteCatalyst Web Login Cross Site Vulnerabilities
Risk: Medium





Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and
services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary
product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity,
advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover,
Data, and SearchCenter line of products, designed to provide customers access to all of their data in
real time.

Login & Search Engines scripts affected

Vendor: www.omniture.com

Company Email: ir@omniture.com


Proof of concept:


/search.asp?ss=[XSS]


Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes.
We did some research, and many big companies are using Omniture products (Microsoft included).


-- HSC Security Group
http://www.hackerscenter.com

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com
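
For defenders reviewing their own web logs, an added example (not part of the advisory, and not Hackers Center or Omniture code): a Python scan that flags requests to the search.asp "ss" parameter named in the proof of concept when the decoded value contains HTML markup. The access-log format, the sample lines, and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = '''\
192.0.2.10 - - [16/Dec/2006:10:00:01 +0000] "GET /search.asp?ss=web+analytics HTTP/1.1" 200 5120
192.0.2.11 - - [16/Dec/2006:10:00:05 +0000] "GET /search.asp?ss=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300
192.0.2.12 - - [16/Dec/2006:10:00:09 +0000] "GET /search.asp?ss=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5290
192.0.2.13 - - [16/Dec/2006:10:00:12 +0000] "GET /index.asp?ss=%3Cb%3E HTTP/1.1" 200 900
192.0.2.14 - - [16/Dec/2006:10:00:15 +0000] "GET /Search.asp?SS=%22+onmouseover%3Dalert(1)+x%3D%22 HTTP/1.1" 200 5200
'''

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and patterns a plain search term should not need (heuristic, assumption).
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo repeated URL encoding (bounded) so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_requests(log_text):
    """Return (client, decoded ss value) for search.asp requests carrying markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith('/search.asp'):
            continue
        # Classic ASP looks up query-string names case-insensitively, so fold them.
        params = {k.lower(): v for k, v in
                  parse_qs(parts.query, keep_blank_values=True).items()}
        for raw in params.get('ss', []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_search_requests(SAMPLE_LOG):
        print(client, repr(value))
```

A hit only shows that markup was submitted; whether it was reflected unencoded has to be confirmed against the response the application actually returned.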
