[Owasp-delhi] Rediff Vulnerability

Nilesh Kumar (India) Nilesh.Kumar at sdgc.com
Thu May 28 03:21:45 EDT 2009


I agree....

 

Thanks,

Nilesh Kumar CEH ISMS LA

Security Specialist

Governance, Risk & Compliance (GRC)
________________________________________________________________________


Cell:+91-9891524880 


SDG Software India Pvt. Ltd. 
A-10, Sector 2,NOIDA 201301, (UP), INDIA 
Website: www.sdgc.com 

Please Note: The e-mail content is intended for the sole use of the
intended recipient/s and may contain material that is CONFIDENTIAL AND
PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying
or distribution or forwarding of any or all of the contents in this
message is STRICTLY PROHIBITED. If you have erroneously received this
message, please delete it immediately and notify the sender. Before
opening any attachments please check them for viruses and defects.

 

From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Nitin Saxena
Sent: Thursday, May 28, 2009 12:47 PM
To: Nilesh Kumar (India); abhay.bhargav at sisa.co.in
Cc: owasp-delhi at lists.owasp.org
Subject: Re: [Owasp-delhi] Rediff Vulnerability

 

They may have started rectifying the vulnerabilities at the moment; let's
wait a few days more and see if it is corrected.


Regards

Nitin Saxena

	----- Original Message ----- 

	From: Nilesh Kumar (India) <mailto:Nilesh.Kumar at sdgc.com>  

	To: nitins at cybermedia.co.in ; abhay.bhargav at sisa.co.in 

	Cc: owasp-delhi at lists.owasp.org 

	Sent: Thursday, May 28, 2009 12:34 PM

	Subject: FW: [Owasp-delhi] Rediff Vulnerability

	 

	Sorry, still not fixed completely. Even on the main page itself it is
restricting scripts in simple form... but not encoded ones. ;)

	Apart from this, every second search module is suffering, like
Product Search, Shopping, Matchmaker, Astrology, Jobs... endless.

	Wherever there is a search module, there is a high chance of vulnerability.

	 

	Abhay, the main page search engine might be executing only encoded
ones, but the search modules on other pages are still happily executing
normal scripts. :)

	 

	Just an eyewash :) from Rediff.

	 

	Thanks,

	Nilesh Kumar CEH ISMS LA

	Security Specialist

	Governance, Risk & Compliance (GRC)

	 

	From: Nilesh Kumar (India) 
	Sent: Thursday, May 28, 2009 11:00 AM
	To: 'Nitin Saxena'; 'abhay.bhargav at sisa.co.in'
	Cc: owasp-delhi at lists.owasp.org
	Subject: RE: [Owasp-delhi] Rediff Vulnerability

	 

	That's great!

	 

	Thanks a lot Nitin for your initiatives!

	It only led to my getting a mail from one Rediff authority saying that
the issue will be solved soon, referring to my report sent to them a couple
of months back. Now fixed.

	 

	Abhay, good job done!

	 

	Thanks,

	Nilesh Kumar CEH ISMS LA

	Security Specialist

	Governance, Risk & Compliance (GRC)

	http://nileshkumar83.blogspot.com 

	 

	From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of SISA Abhay
Bhargav
	Sent: Wednesday, May 27, 2009 7:58 PM
	To: owasp-delhi at lists.owasp.org
	Subject: [Owasp-delhi] Rediff Vulnerability

	 

	Hi All

	 

	I am pleased to see that the Rediff Search XSS issue has been
fixed. Although I reported the issue to Rediff, I would like to thank
some members of OWASP Delhi for having taken the matter to a higher
plane and reporting it to someone who has been proactive. 

	 

	Unfortunately, several other Rediff sites are as vulnerable to
XSS as ever. I will probably go ahead and report this issue as well.
Hopefully it gets sorted out as quickly as the previous one. 

	 

	Check it out: http://citadelnotes.blogspot.com

	 

	Regards

	Abhay Bhargav

	CISSP, CPA, CISA, PCI QSA, OCTAVE Implementer

	  <http://www.sisa.co.in/> 

	SISA Information Security (P) Ltd | Ph 91 80 41153769 | Fx 91 80 41153796
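The thread's observation that the main page search box blocks a literal script tag but lets an encoded one through is the classic failure of a blocklist applied before decoding. The following example, added here and not part of any message in the thread, contrasts that weak filter with contextual HTML output encoding; the function names and the sample queries are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample search terms (not taken from the thread): a plain tag,
# the same tag URL-encoded, and a harmless query containing '<' and '&'.
SAMPLE_QUERIES = {
    "plain": "<script>alert(1)</script>",
    "url_encoded": "%3Cscript%3Ealert(1)%3C/script%3E",
    "benign": "laptop < 500 & free shipping",
}


def blocklist_filter(raw_query: str) -> str:
    """Weak approach: reject the obvious literal form, then decode.

    Because the check runs on the raw (still encoded) string, an
    URL-encoded tag does not match and is decoded back into a live tag.
    """
    if re.search(r"<script", raw_query, re.IGNORECASE):
        return ""
    return unquote(raw_query)


def render_blocklist(raw_query: str) -> str:
    """Echo the query into an HTML results page using the blocklist."""
    return f"<p>Results for: {blocklist_filter(raw_query)}</p>"


def render_encoded(raw_query: str) -> str:
    """Hardened approach: decode first, then entity-encode at output time.

    No pattern matching is needed; every '<', '>', '&' and quote becomes
    inert text in the HTML body context, whatever the input looked like.
    """
    decoded = unquote(raw_query)
    return f"<p>Results for: {html.escape(decoded, quote=True)}</p>"


def contains_live_script(fragment: str) -> bool:
    """Detection helper: True if an unescaped <script tag survives in output."""
    return re.search(r"<script", fragment, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name, query in SAMPLE_QUERIES.items():
        print(name, "blocklist:", contains_live_script(render_blocklist(query)),
              "encoded:", contains_live_script(render_encoded(query)))
```

The benign query shows why encoding beats filtering: it is displayed faithfully as `laptop &lt; 500 &amp; free shipping` instead of being mangled or rejected.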