Web Application Security
RE: Odd things going on at the ChoicePoint Web site Feb 22 2005 12:47PM
Jeff Robertson (Jeff Robertson DigitalInsight com) (2 replies)
RE: Odd things going on at the ChoicePoint Web site Feb 22 2005 12:59PM
Richard M. Smith (rms computerbytesman com)
RE: Odd things going on at the ChoicePoint Web site Feb 22 2005 12:59PM
Richard M. Smith (rms computerbytesman com)
The one and the same!

I spent a couple hours yesterday looking at a half dozen ChoicePoint Web
sites and found many problems. They need someone to join this list ASAP.

Richard

-----Original Message-----
From: Jeff Robertson [mailto:Jeff.Robertson (at) DigitalInsight (dot) com [email concealed]]
Sent: Tuesday, February 22, 2005 7:48 AM
To: 'Daniel'; Richard M. Smith
Cc: webappsec (at) securityfocus (dot) com [email concealed]
Subject: RE: Odd things going on at the ChoicePoint Web site

Is this the same ChoicePoint mentioned in this newspaper article?

http://www.11alive.com/news/news_article.aspx?storyid=59302

Jeff Robertson
Manager of Web Application Security
Digital Insight

> -----Original Message-----
> From: Daniel [mailto:deeper (at) gmail (dot) com [email concealed]]
> Sent: Monday, February 21, 2005 07:26
> To: Richard M. Smith
> Cc: webappsec (at) securityfocus (dot) com [email concealed]
> Subject: Re: Odd things going on at the ChoicePoint Web site
>
>
> Whilst the site should be inspecting all input being passed back for
> execution (i mean we are 2005 now and OWASP has been around for long
> enough now), it does seem that your quotes are causing issues.
>
> On a legal note, if you were based in the UK now, you would have
> Scotland yards Computer Crime Unit arresting you under section 1 of
> the computer misuse act :(
>
> Have you contacted Checkpoint?
>
>
>
>
> On Sun, 20 Feb 2005 20:33:50 -0500, Richard M. Smith
> <rms (at) computerbytesman (dot) com [email concealed]> wrote:
> > Hi,
> >
> > I just noticed something odd at the ChoicePoint Web site
> > (http://www.choicepoint.com). If I try to search for a double quote
> > character using the little search box at the top of the
> home page, I don't
> > get a search results page and instead the ChoicePoint
> search engine returns
> > a HTTP 500 error code (Internal server error). Is this
> behavior a sign of
> > bigger problems with the ChoicePoint search engine?
> >
> > Also is there any method of determining who's Web site search engine
> > ChoicePoint is using? The base URL for a search results page is:
> >
> > http://www.choicepoint.com/catalog.nsf/cpsearchresults
> >
> > Thanks,
> > Richard M. Smith
> > http://www.ComputerBytesMan.com
> >
>

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus