[Owasp-Mumbai] Hacking Matrimonial site.
raxit sheth
raxit at m4mum.com
Fri Feb 13 14:36:19 EST 2009
Hi Hacker !
just in lazy time, i am successfully find and Exploit, XSS on Leading
Matrimonial site !
What it is doing (Exploit)
1. I am sending Classic Membership URL as Free Valentine day offer to find
your Life partner !. [This is the trick to send Specially Crafted ur!,
please note it is not dummy site, or url of my website. it is matrimonial
website only... where i am able to find XSS !!!]
2. User is going to matrimonial site using the url to grab
3. Enter their id,pwd.
4. Id,Pwd will be E-mail to Me :) [Without enduser is knowing !!! :) ]
5. I am redirecting the user to login again !
Do you want to grab the Valentine offer ???
Happy Hacking :)
-Raxit Sheth
www.m4mum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-mumbai/attachments/20090214/a1f3530f/attachment.html
More information about the OWASP-Mumbai
mailing list