[Owasp-Mumbai] Hacking Matrimonial site.
davechintan at gmail.com
Fri Feb 13 22:14:07 EST 2009
It's great that you found an XSS flaw with some leading matrimonial site.
Why don't you write an advisory and bring it to the owner's attention?
How does that sound?
I guess most of the experts around would appreciate that!
On Sat, Feb 14, 2009 at 3:36 AM, raxit sheth <raxit at m4mum.com> wrote:
> Hi Hacker!
> Just in lazy time, I successfully found and exploited XSS on a leading
> matrimonial site!
> What it is doing (Exploit)
> 1. I am sending a Classic Membership URL as a free Valentine's Day offer to find
> your life partner! [This is the trick to send the specially crafted URL;
> please note it is not a dummy site, or a URL of my website. It is the matrimonial
> website only... where I am able to find XSS!!!]
> 2. User is going to matrimonial site using the URL to grab
> 3. Enter their ID, pwd.
> 4. ID, pwd will be e-mailed to me :) [Without the end user knowing!!! :) ]
> 5. I am redirecting the user to log in again!
> Do you want to grab the Valentine offer ???
> Happy Hacking :)
> -Raxit Sheth
LinkedIn Profile: http://www.linkedin.com/in/chintandave