Posts labelled "Post Request XSS vulnerability"

Defencely Website vulnerable to Non Persistent XSS

Security researcher Vedachala has discovered a POST-based cross-site scripting (XSS) vulnerability in the website of Defencely, a company that provides web application penetration testing services.

The main page of Defencely lets a visitor enter their website address to get a security report. The form submits that address as the "website_url" parameter to "Defencely.com/report_submit.php".

"If a web application takes user input, it is always better to double-check and make sure the parameter is sanitized."

POST-based XSS in Defencely

Veda identified that the "website_url" parameter is not sanitized and is vulnerable to POST-request-based XSS: the parameter is reflected into the response, and he successfully got his injected script to execute.

The researcher provided the proof of concept in a Facebook group related to security (the details are also at pastebin.com/9JeJ1HK6). We have successfully verified the vulnerability. At the time of writing, the website is still vulnerable.

*Update:
Another security researcher, QuisterTow, has discovered one more XSS vulnerability in the Defencely website, this time a reflected (GET-based) one in getstarted.php.

The researcher provided the following PoC on pastebin (http://pastebin.com/yZzyezqG). Note that all three query parameters are base64-encoded: "price" decodes to 99, "plan" decodes to "starter", and "id" decodes to the payload "><img src=x onerror=prompt('xssed') />, which the page echoes back unescaped:
www.defencely.com/getstarted.php?id=Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KCd4c3NlZCcpIC8+&price=OTk=&plan=c3RhcnRlcg==

At the time of writing, we are still able to reproduce the vulnerability.
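The following is an added example, not code from the original post, from Defencely or from the researcher. It decodes the base64-encoded query parameters of the getstarted.php PoC quoted above and adds the validation step a handler needs after decoding, since base64 only hides the payload from a naive filter and decoding returns exactly the bytes the attacker chose. What getstarted.php expects in id, price and plan is an assumption (a numeric id, a numeric price and a plan name from a fixed list; "starter" is the only plan name visible in the PoC).

```javascript
// Added example (not from the original post, Defencely or the researcher).
// Decodes the base64 query parameters of the quoted PoC URL and validates
// the decoded values. The expected shape of id/price/plan is an assumption.
const POC_URL =
  'www.defencely.com/getstarted.php?id=Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KCd4c3NlZCcpIC8+&price=OTk=&plan=c3RhcnRlcg==';

// Split the raw query string by hand. URLSearchParams applies form decoding
// and would turn the '+' of "IC8+" into a space, corrupting the base64 text.
function parseRawQuery(url) {
  const qs = url.slice(url.indexOf('?') + 1);
  const params = {};
  for (const pair of qs.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(value);
  }
  return params;
}

// Base64 is a transport encoding, not sanitization: decoding yields the
// attacker's bytes unchanged, including the <img onerror=...> tag in "id".
function decodeBase64Params(params) {
  const decoded = {};
  for (const [key, value] of Object.entries(params)) {
    decoded[key] = Buffer.from(value, 'base64').toString('utf8');
  }
  return decoded;
}

// Assumed validation for the decoded values. Returns the list of problems;
// an empty list means the request may proceed to rendering.
const KNOWN_PLANS = new Set(['starter']); // assumption: allowlist of plan names
function validateDecoded(decoded) {
  const problems = [];
  if (!/^\d{1,12}$/.test(decoded.id || '')) problems.push('id: not a decimal number');
  if (!/^\d{1,7}$/.test(decoded.price || '')) problems.push('price: not a decimal number');
  if (!KNOWN_PLANS.has(decoded.plan)) problems.push('plan: not in allowlist');
  return problems;
}

// Walk a request URL through the same steps a handler would take.
function checkRequest(url) {
  const decoded = decodeBase64Params(parseRawQuery(url));
  return { decoded, problems: validateDecoded(decoded) };
}

const result = checkRequest(POC_URL);
console.log(result.decoded);   // price "99", plan "starter", id = the injected tag
console.log(result.problems);  // the id is rejected before it reaches the page
```

Validation after decoding is the cheap first line of defence here; the reflected value still has to be HTML-escaped at the point where it is written into the page, which is the fix for the report_submit.php "website_url" parameter as well.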

Multiple Cross-Site Scripting Vulnerabilities in Airtel website

Security researcher Vedachala, who has been acknowledged by PayPal, Zynga and other sites, has discovered a reflected cross-site scripting vulnerability in India's leading telecommunications services provider, Airtel (airtel.com).

The researcher found that the Username and Password fields on the page "ebpp.airtelworld.com/myaccount" are vulnerable to XSS. The vulnerability is POST-request based: the submitted values are reflected into the response without encoding.

Entering the following payload in the username field, with any password, results in XSS (it is a polyglot that breaks out of single- and double-quoted JavaScript strings, HTML comments, script blocks and quoted attributes, so it fires in whichever context the value is reflected):

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

The researcher also claims to have found XSS on BSNL, Tatadocomo and 000webhost, and says he reported the vulnerability to Airtel but they failed to respond.

Recently, I (Sabari Selvan, aka BreakTheSec) discovered an XSS vulnerability in the Airtel website and reported it to them. It seems they neither reply nor patch the vulnerability, so it is better to publish my finding in this same post.


The PoC for my finding (the "CIRCLENAME" parameter is reflected into the page unescaped):
http://www.airtel.in/wps/wcm/connect/airtel.in/airtel.in/home/foryou/mobile/prepaid+services/reach+airtel/PG_FY_MB_Prepaid_ReachAirtel/?page=cs_m&CIRCLE=2&CIRCLENAME="><script>alert("BreakTheSec")</script>
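The following is an added example, not code from the original post, from Airtel or from either researcher. It takes the two PoC payloads quoted in this post (the username polyglot and the "CIRCLENAME" value from the airtel.in URL) and shows how each breaks out of an unescaped template and how context-specific output encoding contains them. The page templates around the values are assumed for illustration; the same encoding applies to the "website_url" parameter in the Defencely post above.

```javascript
// Added example (not from the original post, Airtel or the researchers).
// The two payloads are copied from the post; the templates are assumed.

// Polyglot submitted in the ebpp.airtelworld.com username field.
const POLYGLOT = String.raw`';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>`;
// CIRCLENAME value from the airtel.in PoC URL (URL-decoded).
const CIRCLENAME = '"><script>alert("BreakTheSec")</script>';

// Encoder for HTML text and quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Encoder for a value placed inside an inline <script> as a JS string.
// JSON.stringify handles quotes and backslashes; '<', '>', '&' and the
// line separators are additionally \u-escaped so "</script>" can never
// appear in the output and close the script block early.
function jsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Assumed template 1: the value lands in a quoted attribute.
function usernameFieldVulnerable(v) {
  return `<input type="text" name="username" value="${v}">`;
}
function usernameFieldSafe(v) {
  return `<input type="text" name="username" value="${escapeHtml(v)}">`;
}

// Assumed template 2: the value lands inside an inline script.
function inlineScriptVulnerable(v) {
  return `<script>var lastUser = '${v}';</script>`;
}
function inlineScriptSafe(v) {
  return `<script>var lastUser = ${jsStringLiteral(v)};</script>`;
}

// Rough breakout indicator: number of <script opening tags in the output.
// A template that should contain none (attribute) or exactly one (inline
// script) shows an extra tag when the payload escaped its context.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

for (const [label, payload] of [['polyglot', POLYGLOT], ['CIRCLENAME', CIRCLENAME]]) {
  console.log(`${label} in attribute: vulnerable=${countScriptTags(usernameFieldVulnerable(payload))}`
    + ` safe=${countScriptTags(usernameFieldSafe(payload))}`);
}
console.log(`polyglot in script: vulnerable=${countScriptTags(inlineScriptVulnerable(POLYGLOT))}`
  + ` safe=${countScriptTags(inlineScriptSafe(POLYGLOT))}`);
console.log(inlineScriptSafe(POLYGLOT));
```

The point of the two encoders is that there is no single "sanitize" step: the same string needs HTML entity encoding when it is written into markup and JavaScript string escaping when it is written into a script, and the polyglot above is built precisely to punish a page that applies the wrong one (or none).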