Most people surely have heard about Jochen Schweizer adventure trips. Like every other big company, Jochen Schweizer has a homepage which also serves as an online shop for their products.
A reader of ours informed us about a possible security issue on their website on the 3rd of February 2013.
After we had gotten some more information about the kind of issues we had to deal with, we were soon able to verify the concerns of said reader. Some parameters were not escaped properly when displayed back to the user, thus allowing XSS attacks. At this point we want to thank that reader for the information and his dedication.
Given that possibly many people are using this webpage to buy the products Jochen Schweizer is offering, we felt the need to inform the support as soon as possible. We filed a complaint the very evening we verified those vulnerabilities. We received a confirmation e-mail that the issues had been forwarded to the Tech Support and would be fixed.
Two weeks passed and there was no fix yet. We decided to send another e-mail asking if the issues had been addressed. After another two weeks (the 6th of March) we received an e-mail stating that the mentioned breaches had been addressed.
Although it took them one month to address these issues, we would like to thank them for sending us a small token of appreciation.
The team of internetwache.org