Tuesday, November 10, 2009

In.com XSS Vulnerability Disclosure

Dear All,

One of the most famous websites nowadays, In.com, is also one of the most careless about web application security.

So no idle lecturing this time, straight to the screenshots.

Now I tried to contact them, but there was no reply, and my IP was blocked :( ..........

[Screenshots 1 to 4: images not reproduced in this text]
Sorry for the delay in uploading the last screenshot. They have updated the website and I was hoping that they might fix it, but it is still vulnerable. I was waiting for the update to break it :P ........

Sunday, November 1, 2009

Vodafone India XSS Vulnerability Disclosure

Dear All,

So it's 1st Nov. 09 and I was paying my mobile bill using Vodafone online payment.

Now while doing that I noticed the big banner advertising that they are PCI DSS certified by SISA for their Mumbai operations. Now I guess that since they are advertising it on the website, the website is also included in the PCI DSS cert. Just a guess, because online payment is a crucial part and I think that it should be included while testing for PCI DSS.........



So I decided to do some time pass on the website and, as usual, this one is also vulnerable to XSS. Now, as far as I know about the PCI DSS cert., if injection or XSS is possible in any of the given applications then you will not get the PCI DSS cert. It is considered NC (non-compliant). Even one vulnerable entry point is considered NC.

Have a look,

Any comments??