Thursday, October 6, 2011
Zero day exploit dropped on American Express
Amex developers have left several debug utilities available on their web site for anyone on the internet to access. The exposed debug functionality is vulnerable to cross-site scripting (XSS) attacks, which could be used to steal cookies. Those cookies can then be used to log into accounts as the users they were stolen from. The guy who found it has been trying to inform Amex since Oct 4th. It's been almost 24 hours since the vulnerability went public and Amex still hasn't done anything about it.