[Owasp-Mumbai] Hacking Matrimonial site.
gorakshnath at gmail.com
Fri Feb 13 16:28:05 EST 2009
Can you prepare a demo for this, with screenshots or a recorded video?
We really want to see this.
On Fri, Feb 13, 2009 at 12:36 PM, raxit sheth <raxit at m4mum.com> wrote:
> Hi Hacker!
> Just in lazy time, I successfully found and exploited an XSS on a leading
> matrimonial site!
> What it is doing (exploit):
> 1. I am sending a Classic Membership URL as a free Valentine's Day offer to find
> your life partner! [This is the trick to send a specially crafted URL;
> please note it is not a dummy site or a URL of my website. It is the matrimonial
> website only... where I am able to find XSS!!!]
> 2. The user is going to the matrimonial site using the URL to grab
> 3. Enter their ID, pwd.
> 4. ID, pwd will be e-mailed to me :) [Without the end user knowing!!! :)]
> 5. I am redirecting the user to log in again!
> Do you want to grab the Valentine offer???
> Happy Hacking :)
> -Raxit Sheth