Girish Shrimali found XSS vulnerability in Truecaller.com and Look411.com


An ethical hacker, Girish Shrimali, discovered an XSS vulnerability in the Truecaller.com and Look411.com websites.


About Truecaller: With TrueCaller you can get all the numbers in the world right in your pocket. With one simple touch you can save the caller's name. TrueCaller is a global Caller ID application that shows you who the caller is before you answer. Its features: Caller ID (see who is calling), Social Caller ID (see your friends' latest info from Facebook/LinkedIn on calls), SMS preview, blocking spam calls, name and number search, updating the phonebook with missing address information, and tweeting your calls on Twitter automatically. It has received many awards for its contribution to application development.

About Look411: Look411.com is a website similar to Truecaller.com. It is a US-based phone number and name search website.


Vulnerable Links:
  • http://www.truecaller.com/?p=number_search&country=India-Ahmedabad&q=%3Cscript%3Ealert%28%27XSS+found+by+Girish+Shrimali%27%29%3B%3C%2Fscript%3E&x=17&y=10
  • http://www.look411.com/?p=number_search&q=%3Cscript%3Ealert%28%27XSS+found+by+Girish+Shrimali%27%29%3B%3C%2Fscript%3E&country=US
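
Both links carry a URL-encoded `<script>` element in the `q` parameter. The following is an added example, not code from either site: the results template and all function names are assumptions, and it shows the decoded `q` value reflected as-is versus HTML-encoded at output.

```javascript
// Added example: the page template below is constructed, not the sites' real code.
const reportedUrl =
  "http://www.truecaller.com/?p=number_search&country=India-Ahmedabad" +
  "&q=%3Cscript%3Ealert%28%27XSS+found+by+Girish+Shrimali%27%29%3B%3C%2Fscript%3E&x=17&y=10";

// Decode the q parameter the way a server-side framework would ("+" becomes a space).
function searchTerm(url) {
  return new URL(url).searchParams.get("q") || "";
}

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (assumed): the decoded value is concatenated into markup as-is.
function renderUnsafe(url) {
  const q = searchTerm(url);
  return `<h2>Results for ${q}</h2><input name="q" value="${q}">`;
}

// Hardened pattern: the same template with output encoding applied at the sink.
function renderSafe(url) {
  const q = escapeHtml(searchTerm(url));
  return `<h2>Results for ${q}</h2><input name="q" value="${q}">`;
}

// Regression check: does the response echo a q value containing HTML
// metacharacters byte-for-byte, i.e. without any output encoding?
function reflectsRaw(html, q) {
  return /[<>"']/.test(q) && html.includes(q);
}

const q = searchTerm(reportedUrl);
console.log("decoded q:       ", q);
console.log("unsafe reflects: ", reflectsRaw(renderUnsafe(reportedUrl), q));
console.log("safe reflects:   ", reflectsRaw(renderSafe(reportedUrl), q));
console.log("safe output:     ", renderSafe(reportedUrl));
```

A check like `reflectsRaw` can run in a test suite against every parameter a search page echoes, so a template change that drops the encoding is caught before release.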