Security researcher Fabian Cuchietti has submitted on 18/02/2012 a cross-site-scripting (XSS)
vulnerability affecting www.mercadolivre.com.br, which at the time of submission ranked 307 on
the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/08/2012. It is currently
unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 18/02/2012
Date published: 02/08/2012
Status: UNFIXED
Author: Fabian Cuchietti
Domain: www.mercadolivre.com.br
Category: XSS
URL: http://www.mercadolivre.com.br/brasil/ml/l_user.main?as_filtro_id=CERTIFIED_USR&as_nickname=%A0&as_p
cia_id=%3E%22%3E%3CScRiPt%3Ealert%28%27XSS%27%29;%3C/scRipt%3E
Source: http://www.xssed.com/mirror/76529/
Translation:
Security researcher Fabian Cuchietti submitted on 18/02/2012 an XSS vulnerability
that affects the site www.mercadolivre.com.br...
As of 02/08/2012 the problem remains unfixed.
Date submitted: 18/02/2012
Date published: 02/08/2012
Status: Unfixed
Author: Fabian Cuchietti
Domain: www.mercadolivre.com.br
Category: XSS
Pagerank: 307
URL: http://www.mercadolivre.com.br/brasil/ml/l_user.main?as_filtro_id=CERTIFIED_USR&as_nickname=%A0&as_p
cia_id=%3E%22%3E%3CScRiPt%3Ealert%28%27XSS%27%29;%3C/scRipt%3E
From what I have seen, it is not only the Brazilian domain that suffers from this:
www.mercadolibre.com.uy XSS » XSSed
www.mercadolivre.com.br XSS » XSSed
www.mercadolibre.com.pa XSS » XSSed
www.mercadolibre.com.do XSS » XSSed
www.mercadolibre.com.ec XSS » XSSed
www.mercadolibre.com.mx XSS » XSSed
www.mercadolibre.com.co XSS » XSSed
www.mercadolibre.com.pe XSS » XSSed
www.mercadolibre.com.ar XSS » XSSed
Regards
Raphael Pagliuca
It no longer works.