Re: MBT Xss vulnerability

[MuNNa <sant.jadhav () gmail com>]

*Hahaha* ... native code doesnt seem to understand the meaning of Xss and
why it can be of security concern. Here not only url re-direction is
possible but also execution of malicious javascripts is possible.Your Lame
reply makes me think that you are one of the following:
1.An employee of MBT criticising me in the interest of the company   *'or'*
2.A poor spammer who doesnt know anything but tries to shows-off as if he is
the MASTER. If this is the case carry on with your spamming business and
good luck for your future.

Regards;
Santosh J.

On 1/20/06, greybrimstone () aim com <greybrimstone () aim com> wrote:
> Actually,
>     Whats lame is you basing someone for telling others about a
> security vulnerability. Keep posting!
>
> -Adriel
>
> -----Original Message-----
> From: Native.Code <native.code () gmail com>
> To: MuNNa <sant.jadhav () gmail com>
> Cc: full-disclosure () lists grok org uk
> Sent: Thu, 19 Jan 2006 21:52:54 +0800
> Subject: Re: [Full-disclosure] MBT Xss vulnerability
>
>   What a lame vulnerability it is. If your POC redirects to another
> site (which is not MBT site), how someone will become victim and
> believe that he/she is doing business with MBT?
>
> Your post is yet another proof that FD is more and more inhibited by
> scipt kiddies. Get a life!
>
>
> On 1/19/06, MuNNa <sant.jadhav () gmail com> wrote:
> Hii List;
>
> Recently, i found an Xss vulnerabilty in MBT web site. MBT offers
> services from Consulting to Managed Services.It is the Corporate member
> of The International Systems Security Engineering Association (ISSEA).
> BS 7799 (Information Security Management Framework) certified
> organization
>
> Vulnerability:
> MBT XSS (Cross Site Scripting) Attacks
>
> Criticality:
> Medium
>
> Description:
> MBT ( http://www.mahindrabt.com/website/index.htm ) is a leading
> India-based global IT solutions provider. As a proven leader in
> application outsourcing and offshoring of business critical
> applications, MBT enables its clients, protect their investment in
> legacy systems, enhance capital budgets, reduce operating expenses and
> build solutions for the multi-services future. However it suffers Xss
> vulnerability on its own web page.
>
> Below is the proof-of-concept which explains this -
>
> http://www.mahindrabt.com/jse/jsp/search.jsp?q=[Xss malcode here]
>
> Re-directing the site to any malicious or fake site to trap the victim :
>
> http://www.mahindrabt.com/jse/jsp/search.jsp?q=
> <script>document.location='http://www.[evil.site].com&apos;</script>
>
>
> Though it does not affect sever side alot and may seem harmless, but it
> can be used to target college students or job-seekers as it is one of
> the most attracting employer. Targets can be lured to visit the
> malicious weblink under the pretext of some job positions being vacant.
> Vendor notification:
>
>
> Vendor has been notified twice, around 4 months ago but still there is
> no response and I guess neither they are going to respond.
>
>
> Regards;
> Santosh J.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>   _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ________________________________________________________________________
> Check Out the new free AIM(R) Mail -- 2 GB of storage and
> industry-leading spam and email virus protection.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/