Message-ID: <8dc64e550601190552u4f69f1b9jba6124edf55b2634@mail.gmail.com>
Date: Thu Jan 19 13:53:02 2006
From: native.code at gmail.com (Native.Code)
Subject: MBT Xss vulnerability
What a lame vulnerability it is. If your POC redirects to another site
(which is not the MBT site), how will someone become a victim and believe that
he/she is doing business with MBT?
Your post is yet another proof that FD is more and more inhabited by script
kiddies. Get a life!
On 1/19/06, MuNNa <sant.jadhav@...il.com> wrote:
>
>
> Hi List,
>
> Recently, I found an XSS vulnerability in the MBT web site. MBT offers services
> from Consulting to Managed Services. It is a Corporate member of The
> International Systems Security Engineering Association (ISSEA) and a
> BS 7799 (Information Security Management Framework) certified organization.
>
> Vulnerability:
> MBT XSS (Cross Site Scripting) Attacks
>
> Criticality:
> Medium
>
> Description:
> MBT (http://www.mahindrabt.com/website/index.htm) is a leading
> India-based global IT solutions provider. As a proven leader in application
> outsourcing and offshoring of business critical applications, MBT enables
> its clients to protect their investment in legacy systems, enhance capital
> budgets, reduce operating expenses and build solutions for the
> multi-services future. However, it suffers from an XSS vulnerability on its
> own web page.
>
> Below is the proof-of-concept which explains this -
>
> http://www.mahindrabt.com/jse/jsp/search.jsp?q=[Xss malcode here]
>
> Re-directing the site to any malicious or fake site to trap the victim :
>
> http://www.mahindrabt.com/jse/jsp/search.jsp?q= <script>
> document.location='http://www.[evil.site].com'</script>
>
>
> Though it does not affect the server side a lot and may seem harmless, it
> can be used to target college students or job-seekers, as it is one of the
> most attractive employers. Targets can be lured to visit the malicious
> weblink under the pretext of some job positions being vacant.
>
> Vendor notification:
>
> Vendor has been notified twice, around 4 months ago, but still there is no
> response and I guess they are not going to respond either.
> Regards;
> Santosh J.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
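Added example, not part of the thread and not the vendor's code: a small Python model of a search page that echoes its `q` parameter, rendered once verbatim and once with output encoding, run against the redirect string quoted in the report. The template, the host `search.example` and all function names are assumptions made for illustration; the real search.jsp source is not shown in the post.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed model of a search page that echoes q in two HTML contexts:
# inside the search box's quoted value attribute and as text in the body.
TEMPLATE = (
    "<html><body>"
    '<form action="/search"><input name="q" value="{attr}"></form>'
    "<p>Results for: {text}</p>"
    "</body></html>"
)

# Defence in depth: with this policy the browser refuses inline script
# even if an encoding step is missed somewhere else in the page.
SECURITY_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
}


def query_term(url: str) -> str:
    """Extract and URL-decode the q parameter from a request URL."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("q", [""])
    return values[0]


def render_vulnerable(url: str) -> str:
    """Reflects q verbatim, so markup in q becomes markup in the page."""
    q = query_term(url)
    return TEMPLATE.format(attr=q, text=q)


def render_hardened(url: str):
    """Encodes q for HTML text and quoted-attribute context, adds headers."""
    q = html.escape(query_term(url), quote=True)  # escapes & < > " '
    return SECURITY_HEADERS, TEMPLATE.format(attr=q, text=q)


# The redirect string from the report, placeholder host kept as written,
# attached to a constructed host rather than the site named in the post.
POSTED_QUERY = "<script>document.location='http://www.[evil.site].com'</script>"
SAMPLE_URL = "http://search.example/search?q=" + POSTED_QUERY

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_URL))
    print(render_hardened(SAMPLE_URL)[1])
```

In the hardened rendering the reported string is displayed as text in the results line and stays inside the `value` attribute, so no navigation happens.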