Note: This post is only for educational purpose, the author of this website will not be responsible for any misuse.
D-Mart is a chain of hypermarket and supermarkets in India. As of 2013, it has 64 stores spread across Maharashtra, Gujarat, Andhra Pradesh and Karnataka. Since D-Mart first opened its doors in the Mumbai region in 2000, it has grown into a trusted and well-established shopping destination in Maharashtra, Gujarat, Andhra Pradesh and Karnataka. D-Mart is now looking forward to growing its stores across India.
D-Mart seeks to be a one-stop shopping destination for the entire family, meeting all their daily household needs. A wide selection of home utility products is offered, including foods, toiletries, beauty products, garments, kitchenware, bed and bath linen, home appliances and much more.
Since D-Mart first opened its doors in the Mumbai region in 2000, it has grown into a trusted and well-established shopping destination in Maharashtra, Gujarat, Andhra Pradesh and Karnataka. D-Mart is now looking forward to growing its stores across India.
But recent days of my further testing on the D-mart India for vulnerabilities, I found two high vulnerabilities of XSS(Cross Site Scripting) and XPath Injection vulnerability.
1: What is XPath Injection vulnerability?
XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input. An authenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.
References:
You can search more detail on XPath injection on this link.
2: Cross Site Scripting(XSS)
It is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user�s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (the others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.
See http://www.acunetix.com/websitesecurity/xss/ for more details.
See Cheat sheet of XSS https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Items that are affected:
- /complaints01.asp
- /feedback01.asp
- /landlord01.asp
- /suppliers01.asp
I am taking http://www.dmartindia.com/feedback.html vulnerability as shown below:
Additional Vulnerability is that http://www.dmartindia.com/ is not having any backup.. So sad
News.That is the reason why most of the Indian websites get hacked due to this poor vulnerabilities.
No comments:
Post a Comment