XSS in SnapDeal.com

Site: http://www.snapdeal.com
Threat/Vulnerability: Cross site scripting a.k.a XSS, URL Redirection
Severity : Moderate
Author: Karthik R a.k.a 3psil0nlambda

I have informed the owner (CEO) but got no response, acknowledgement of receipt of the mail.

About the Site:

India’s fastest growing shopping site.

Vulnerability:
*XSS a.k.a Cross site scripting
*URL Redirection

Once found out the Vulnerability, it can be used in the following URL to create any attacks.

*Installing malware in the name of Snapdeal.com and gain credit card and other important credentials
*Phishing URL Redirection, and gain login-ID and password

URL used for crafting attacks:-
*http://www.snapdeal.com/search?categoryId=0&keyword=XSS &vertical=all&clickSrc=go_recent&locId=0
*http://www.snapdeal.com/products/lifestyle-handbags-wallets?q=Brand:Jute Planet,A-maze&sort=XSS

Greetz to side-effects, r4dc0re, lord crusader, team inject0r

Advertisements

Posted on June 6, 2012, in Uncategorized. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: