[Owasp-Mumbai] Hacking Matrimonial site.

raxit sheth raxit at m4mum.com
Sat Feb 14 02:20:44 EST 2009


Hi Chintan

Already informed them! That's why I have not disclosed the name and exact
details; hope they will fix it soon.

-raxit sheth
www.m4mum.com

On Sat, Feb 14, 2009 at 8:44 AM, chintan dave <davechintan at gmail.com> wrote:

> Dear Raxit,
> It's great that you found an XSS flaw with some leading matrimonial site.
>
> Why don't you write an advisory and bring it to the owner's attention ?
> How does that sound?
>
> I guess most of the experts around would appreciate that!
>
> On Sat, Feb 14, 2009 at 3:36 AM, raxit sheth <raxit at m4mum.com> wrote:
>
>> Hi Hacker !
>>
>>
>> Just in lazy time, I have successfully found and exploited XSS on a leading
>> matrimonial site!
>>
>> What it is doing (Exploit)
>>
>> 1.  I am sending the Classic Membership URL as a free Valentine's Day offer to
>> find your life partner! [This is the trick to send the specially crafted URL;
>> please note it is not a dummy site or the URL of my website. It is the matrimonial
>> website only... where I am able to find XSS !!!]
>>
>> 2.  The user goes to the matrimonial site using the URL to grab
>>
>> 3.  They enter their id, pwd.
>>
>> 4.  The id, pwd will be e-mailed to me :)  [Without the end user knowing !!! :) ]
>>
>> 5.  I am redirecting the user to log in again!
>>
>>
>> Do you want to grab the Valentine offer ???
>>
>>
>> Happy Hacking :)
>>
>> -Raxit Sheth
>> www.m4mum.com
>>
>> _______________________________________________
>> OWASP-Mumbai mailing list
>> OWASP-Mumbai at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>
>>
>
>
> --
> Regards,
> Chintan Dave,
> KPMG Singapore
> LinkedIn Profile: http://www.linkedin.com/in/chintandave
> Blog:http://davechintan.blogspot.com