[Owasp-delhi] Rediff Search engine XSS Vulnerability

Nilesh Kumar (India) Nilesh.Kumar at sdgc.com
Mon May 18 03:08:49 EDT 2009


FYI....

 

Nilesh Kumar CEH ISMS LA

Security Specialist

Governance,Risk &  Compliance (GRC)
________________________________________________________________________


Cell:+91-9891524880 


SDG Software India Pvt. Ltd. 
A-10, Sector 2,NOIDA 201301, (UP), INDIA 
Website: www.sdgc.com 

Please Note: The e-mail content is intended for the sole use of the
intended recipient/s and may contain material that is CONFIDENTIAL AND
PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying
or distribution or forwarding of any or all of the contents in this
message is STRICTLY PROHIBITED. If you have erroneously received this
message, please delete it immediately and notify the sender. Before
opening any attachments please check them for viruses and defects.

 

From: Nitin Saxena [mailto:nitins at cybermedia.co.in] 
Sent: Monday, May 18, 2009 11:30 AM
To: Nilesh Kumar (India)
Subject: Re: [Owasp-delhi] Rediff Search engine XSS Vulnerability

 

Thanks Nilesh,

Please do send me the advisory as well; this will help.


Regards

Nitin Saxena

	----- Original Message ----- 

	From: Nilesh Kumar (India) <Nilesh.Kumar at sdgc.com>

	To: Nitin Saxena <nitins at cybermedia.co.in>

	Cc: owasp-delhi at lists.owasp.org; Abhay Bhargav <ab at sisa.co.in>

	Sent: Monday, May 18, 2009 11:19 AM

	Subject: RE: [Owasp-delhi] Rediff Search engine XSS Vulnerability

	 

	Hi Nitin,

	I contacted one guy, Salil, via LinkedIn (as you can't find a
single e-mail id on Rediff to contact for security incidents) and told
him about the issue. He is Associate Director, Product Development at
Rediff. He accepted the invitation and gave his mail id
'salilc at rediff.co.in' to send the details.

	This is Salil's profile 
http://www.linkedin.com/profile?viewProfile=&key=3457305

	 

	Later on I sent him the details in the form of an advisory. If you
want, I can send the same to you too. It reports XSS as well as 'Blind
SQL Injection' on their site.

	 

	Attached is the mail conversation with Salil.


	Regards,

	Nilesh Kumar CEH ISMS LA

	Security Specialist

	Governance,Risk &  Compliance (GRC)

	nileshkumar83.blogspot.com
	
________________________________________________________________________


	Cell:+91-9891524880 

	
	SDG Software India Pvt. Ltd. 
	A-10, Sector 2,NOIDA 201301, (UP), INDIA 
	Website: www.sdgc.com 
	

	 

	From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Nitin Saxena
	Sent: Monday, May 18, 2009 10:55 AM
	To: nileshkumar83 at gmail.com; Abhay Bhargav
	Cc: owasp-delhi at lists.owasp.org
	Subject: Re: [Owasp-delhi] Rediff Search engine XSS Vulnerability

	 

	Abhay / Nilesh,

	 

	Let me take this to their higher authorities; can you help me by
passing on the communications that you sent to Rediff.com initially?

	 

	Regards

	Nitin Saxena

	Lead Events and Communications Committee

	OWASP Delhi Chapter

		----- Original Message ----- 

		From: nileshkumar83 at gmail.com 

		To: Abhay Bhargav <ab at sisa.co.in>

		Cc: owasp-delhi at lists.owasp.org 

		Sent: Saturday, May 16, 2009 11:35 AM

		Subject: Re: [Owasp-delhi] Rediff Search engine XSS Vulnerability

		 

		Yes Abhay, I agree, but they don't seem to agree with us! :)
		
		Have you reported the issue to them? I doubt they will work
on it.
		

		
		-- 
		Thanks & Regards,
		Nilesh Kumar,
		Security Specialist | Governance Risk Compliance
		www.nileshkumar83.blogspot.com
		www.linkedin.com/in/nileshkumar83
		Mobile- +91-9891524880

________________________________

		_______________________________________________
		Owasp-delhi mailing list
		Owasp-delhi at lists.owasp.org
		https://lists.owasp.org/mailman/listinfo/owasp-delhi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20090518/2cb7d000/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Microsoft Word - Security Advisory_Rediff.pdf
Type: application/octet-stream
Size: 111133 bytes
Desc: Microsoft Word - Security Advisory_Rediff.pdf
Url : https://lists.owasp.org/pipermail/owasp-delhi/attachments/20090518/2cb7d000/attachment-0001.obj 

