[13721] in bugtraq


Sprint PCS vulnerable to malicious tags

daemon@ATHENA.MIT.EDU (Paul Schreiber)
Sat Feb 5 05:11:59 2000

Message-Id:  <20000204192231.560.qmail@securityfocus.com>
Date:         Fri, 4 Feb 2000 19:22:31 -0000
Reply-To: Paul Schreiber <shrub@YAHOO.COM>
From: Paul Schreiber <shrub@YAHOO.COM>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

I'm sure you're all familiar with the CERT advisory:
  http://www.cert.org/advisories/CA-2000-02.html

Sprint PCS's web site is vulnerable to this flaw. Any text
you enter into the customer care area is subsequently
displayed verbatim on a web page:
  https://www.sprintpcs.com/manage/myaccount.asp

To access that page, you must have a Sprint PCS account and
password. As soon as you post your question, it will appear
in your case history -- HTML and all.

At this point in time, it is unclear whether Sprint PCS
customer service representatives use a web browser to
respond to these questions. If this is the case, clever
hackers could exploit this vulnerability to gain sensitive
information about Sprint PCS, possibly including
confidential customer information.

There is a similar form for non-customers at:
  https://www.sprintpcs.com/learn/form_public_question.asp

You don't get to see the results yourself, but, again, if
Sprint PCS reps use a web browser, their systems could be
compromised.

Paul
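
Added example, not part of the original post and not Sprint PCS's code: a minimal Python sketch of a case-history page that echoes a stored question verbatim, beside a version that HTML-encodes it on output, plus a check that reports which tags from the stored text reach the page as live markup. The function names, the `<td>` template and the sample question are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a customer question containing HTML, as stored by the form.
SAMPLE_QUESTION = (
    'My bill is wrong <b>please call</b> '
    '<img src="https://example.invalid/x.gif">'
)

def render_verbatim(question):
    """Behaviour the post reports: stored text is written into the page as-is."""
    return '<td class="case">' + question + '</td>'

def render_escaped(question):
    """Hardened form: encode on output so any markup is displayed as text."""
    return '<td class="case">' + html.escape(question, quote=True) + '</td>'

class _TagCollector(HTMLParser):
    """Records every start tag a browser-style parser would see in the page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(page, template_tags=("td",)):
    """Return the live tags in `page` that the template itself did not emit."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in template_tags]

if __name__ == "__main__":
    for name, render in (("verbatim", render_verbatim),
                         ("escaped", render_escaped)):
        page = render(SAMPLE_QUESTION)
        print(name, "->", injected_tags(page) or "no injected tags")
        print("   ", page)
```

The same check can be run against any rendered page in a test suite: submit a marker string containing a harmless tag and fail the build if that tag comes back as markup instead of encoded text.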
