[Owasp-Mumbai] Hacking Matrimonial site.

chintan dave davechintan at gmail.com
Fri Feb 13 22:14:07 EST 2009


Dear Raxit,
It's great that you found an XSS flaw with some leading matrimonial site.

Why don't you write an advisory and bring it to the owner's attention?
How does that sound?

I guess most of the experts around would appreciate that!

On Sat, Feb 14, 2009 at 3:36 AM, raxit sheth <raxit at m4mum.com> wrote:

> Hi Hacker!
>
>
> Just in lazy time, I successfully found and exploited XSS on a leading
> matrimonial site!
>
> What it is doing (Exploit)
>
> 1.  I am sending a Classic Membership URL as a free Valentine's Day offer to
> find your life partner! [This is the trick to send the specially crafted URL;
> please note it is not a dummy site or the URL of my website. It is the
> matrimonial website only... where I am able to find XSS!!!]
>
> 2.  User is going to the matrimonial site using the URL to grab
>
> 3.  Enter their ID, pwd.
>
> 4.  ID, pwd will be e-mailed to me :)  [Without the end user knowing!!! :) ]
>
> 5.  I am redirecting the user to log in again!
>
>
> Do you want to grab the Valentine offer???
>
>
> Happy Hacking :)
>
> -Raxit Sheth
> www.m4mum.com
>


-- 
Regards,
Chintan Dave,
KPMG Singapore
LinkedIn Profile: http://www.linkedin.com/in/chintandave
Blog: http://davechintan.blogspot.com