I was going though few Indian e-commerce websites and found XSS vulnerabilities in few of them. I’m not publishing injection patterns due to security reasons. If anyone from the companies listed below want to know the injection pattern for their respective websites, get in touch. Below is the list of websites which are vulnerable:

• http://shopping.indiatimes.com/
• http://www.fabfurnish.com/
• http://www.saholic.com/
• http://www.bewakoof.com/
• http://www.lenskart.com/
• http://www.watchkart.com/
• http://www.bagskart.com/
• http://www.jewelskart.com/
• http://www.fnp.com/
• http://www.naaptol.com/

Find the screenshots for all the sites listed above (click to enlarge) : Continue reading