A Security Researcher Vedachala who got acknowledged by PayPal, Zynga and more sites, has discovered a Reflected Cross Site scripting vulnerability in the India's leading telecommunications services provider, Airtel(airtel.com)
The researcher found that Username and Password field in this page "ebpp.airtelworld.com/myaccount" are vulnerable to XSS attack. This vulnerability is POST request based xss.
When you enter the this code in the username field with any password , it results in XSS :
The researcher has claimed to have found XSS on BSNL, Tatadocomo and 000webhost. He also claimed that he reported about vulnerability to Airtel but they failed to respond.
Recently, I(Sabari Selvan aka BreakTheSec) discovered a XSS vulnerability in Airtel website and reported to them. It seems like they neither reply nor patch the vulnerability , So it is better to publish my finding in this same post itself.
The POC code for my finding:
The researcher found that Username and Password field in this page "ebpp.airtelworld.com/myaccount" are vulnerable to XSS attack. This vulnerability is POST request based xss.
When you enter the this code in the username field with any password , it results in XSS :
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
The researcher has claimed to have found XSS on BSNL, Tatadocomo and 000webhost. He also claimed that he reported about vulnerability to Airtel but they failed to respond.
Recently, I(Sabari Selvan aka BreakTheSec) discovered a XSS vulnerability in Airtel website and reported to them. It seems like they neither reply nor patch the vulnerability , So it is better to publish my finding in this same post itself.
The POC code for my finding:
http://www.airtel.in/wps/wcm/connect/airtel.in/airtel.in/home/foryou/mobile/prepaid+services/reach+airtel/PG_FY_MB_Prepaid_ReachAirtel/?page=cs_m&CIRCLE=2&CIRCLENAME="><script>alert("BreakTheSec")</script>