[Owasp-Mumbai] Hacking Matrimonial site.

raxit sheth raxit at m4mum.com
Fri Feb 13 14:36:19 EST 2009


Hi Hacker !


Just in lazy time, I successfully found and exploited XSS on a leading
matrimonial site!

What it is doing (exploit):

1.  I am sending the Classic Membership URL as a free Valentine's Day offer to find
your life partner! [This is the trick to send the specially crafted URL;
please note it is not a dummy site or the URL of my website. It is the matrimonial
website only... where I am able to find XSS!!!]

2.  The user is going to the matrimonial site using the URL to grab

3.  Enter their ID, pwd.

4.  ID, pwd will be e-mailed to me :)  [Without the end user knowing!!! :) ]

5.  I am redirecting the user to log in again!


Do you want to grab the Valentine offer???


Happy Hacking :)

-Raxit Sheth
www.m4mum.com