[Owasp-Mumbai] Hacking Matrimonial site.
gorakshnath dorge
gorakshnath at gmail.com
Fri Feb 13 16:28:05 EST 2009
Hi,
Can you prepare a demo for this, with a screenshot or a recorded video?
We really want to see this.
-Thanks
Gorakshnath
On Fri, Feb 13, 2009 at 12:36 PM, raxit sheth <raxit at m4mum.com> wrote:
> Hi Hacker !
>
>
> Just in lazy time, I successfully found and exploited XSS on a leading
> matrimonial site!
>
> What it is doing (Exploit)
>
> 1. I am sending a Classic Membership URL as a free Valentine's Day offer to find
> your life partner! [This is the trick to send the specially crafted URL;
> please note it is not a dummy site or the URL of my website. It is the matrimonial
> website only... where I am able to find XSS!!!]
>
> 2. The user goes to the matrimonial site using the URL to grab
>
> 3. They enter their id, pwd.
>
> 4. The id, pwd will be e-mailed to me :) [without the end user knowing!!! :)]
>
> 5. I am redirecting the user to log in again!
>
>
> Do you want to grab the Valentine offer???
>
>
> Happy Hacking :)
>
> -Raxit Sheth
> www.m4mum.com
>
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>
>