Zeit.de fixes some security issues

We were able to determine a couple of XSS vulnerabilities on the website of a well-known German newspaper (Die Zeit). The security issues would have allowed hackers to alter the design of the webpage or manipulate the system routines.

We found those security gaps in various subdomains, “marktplatz.zeit.de” and “spiele.zeit.de”. One of those XSS was a POST-XSS, thus the attacker has a minimal additional effort to exploit this issue. While we were scanning for further XSS issues we were able to discover a full path disclosure. Such information disclosure issues allow attackers to get information on how the server is set up. Furthermore, this information can be very helpful in other attacks, like the ones we already found, e.g. to gain access to the system.

At that point we decided to contact the webmaster to point out the issues we had found. Unfortunately, we did not get any feedback on any of our e-mails. We then tried to call, which ended up being unsuccessful as well. Frustrated about why they would not let us help them make their website a little bit more secure, we gave up for now.

After a month we tried to contact Die Zeit once more, but via Twitter. This time we actually got an e-mail address where we’d be able to address our concern. Without any feedback or a “thank you” towards the Internetwache team for their dedication, we are now happy to report that, after all, the issues have been fixed.

The team of internetwache.org

A screenshot of the full path disclosure (marktplatz.zeit.de)

Screenshot of the third XSS (marktplatz.zeit.de)

Screenshot of the second XSS (spiele.zeit.de)