Hello, FYI: I found the SiteCatalyst software running on paypal.com to be vulnerable to XSS in the past (the unfiltered referer URL was used as a JavaScript value). Omniture/PayPal didn't respond to my emails; PayPal fixed the issue after public disclosure.
Regards,
Thomas Pollet

On 14/01/2008, Michael Holstein <[EMAIL PROTECTED]> wrote:
>
> > This is from a current CNN home page:
> >
> > /* SiteCatalyst code version: H.10.
> > Copyright 1997-2007 Omniture, Inc. More info available at
> > http://www.omniture.com */
>
> Omniture is one of (many) sites that do tracking for companies .. like
> what your mouse moves over, how long it stays there, how long you view
> each page, etc. etc.
>
> This is why you should disable javascript for any site you don't
> explicitly trust (FYI: by default, NoScript for Firefox allows *msn.com
> *google.com, and a bunch of other stuff you probably don't want).
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
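
The bug class named in the first message (a Referer value written unfiltered into a JavaScript value), shown next to an encoded form. This is an added example, not part of the thread and not Omniture's or PayPal's code; the inline-script template, the variable name `s_referrer` and all function names are assumptions, and the sample Referer values are constructed.

```javascript
// Vulnerable shape: the header value is pasted into a JS string literal as-is,
// so a quote or a closing script tag in the Referer ends the literal early.
function renderNaive(referer) {
  return '<script>var s_referrer = "' + referer + '";</script>';
}

// Encode for a JS string literal that sits inside an HTML <script> block:
// JSON.stringify escapes quotes, backslashes and control characters; the
// extra pass escapes characters the HTML parser or older JS engines treat
// specially (<, >, &, U+2028, U+2029).
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

function renderSafe(referer) {
  return '<script>var s_referrer = ' + jsStringLiteral(referer) + ';</script>';
}

// What the HTML parser hands to the JS engine: everything up to the first
// closing script tag.
function scriptBody(html) {
  return html.slice('<script>'.length, html.indexOf('</script>'));
}

// True when the script body is exactly one assignment of one string literal
// whose decoded value equals the original header, i.e. the value stayed data.
function staysData(render, referer) {
  const m = /^var s_referrer = (".*");$/s.exec(scriptBody(render(referer)));
  if (!m) return false;
  try {
    return JSON.parse(m[1]) === referer;
  } catch (e) {
    return false;
  }
}

// Constructed sample Referer values (not taken from the thread).
const SAMPLE_REFERERS = [
  'http://example.test/page?q=1',
  'http://example.test/?q=";window.injected=1;//',
  'http://example.test/?q=</script><b>markup</b>',
];
```

`staysData(renderNaive, r)` holds only for the first sample; with `renderSafe` it holds for all three.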
