Thursday 3 July 2014

Snapdeal is vulnerable to XSS (Reflected)

Snapdeal.com is an online marketplace headquartered in New Delhi, India. The company was started in February 2010 by Kunal Bahl, a Wharton graduate of the dual-degree M&T Engineering and Business program at Penn, and Rohit Bansal, an alumnus of IIT Delhi. Snapdeal.com was started in February 2010 as a daily deals platform but expanded in September 2011 to become an e-commerce company via a marketplace model. With 20 million registered users, Snapdeal is one of the first and largest online marketplaces in India, offering an assortment of 4 million+ products across diverse categories from over 20,000 sellers and shipping to 4,000 towns and cities in India.

On further testing, I found an XSS vulnerability in m.snapdeal.com.

Affected URL:

Regards: gd 4TT4CK3R !!!!

Saturday 10 May 2014

Bangladesh Railways is vulnerable to XSS

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used by that site.
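As an added illustration (not part of the original post), the following Python sketch renders a search term into a results page two ways, with and without output encoding, and checks whether the kind of probe string quoted in this blog's affected URLs comes back as live markup. The template, function names and the example URL are constructed for this example, not taken from any of the sites mentioned.

```python
# Added example: why a reflected search parameter must be HTML-encoded.
# Everything below (template, URL, function names) is constructed for illustration.
import html
from urllib.parse import urlsplit, parse_qs

# Constructed probe of the form quoted in the affected URLs above.
PROBE = "<script>alert('test')</script>"

# Minimal results page; the search term is placed in an HTML text context.
TEMPLATE = "<html><body><h1>Results for: {term}</h1></body></html>"


def term_from_url(url: str, param: str) -> str:
    """Extract the search parameter from a URL, percent-decoded as the server sees it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(param, [""])[0]


def render_unsafe(term: str) -> str:
    """Vulnerable pattern: the user-controlled term is copied verbatim into the HTML."""
    return TEMPLATE.format(term=term)


def render_safe(term: str) -> str:
    """Fixed pattern: encode for an HTML text context before embedding the term."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def is_reflected_verbatim(page: str, term: str) -> bool:
    """Detection check used in review: True if the raw term (with its angle brackets
    and quotes intact) appears in the page, i.e. it was reflected without encoding."""
    return term in page


if __name__ == "__main__":
    # Constructed URL carrying the percent-encoded probe in a 'keywords' parameter.
    url = ("http://example.invalid/search.php?keywords="
           "%3Cscript%3Ealert%28%27test%27%29%3C%2Fscript%3E")
    term = term_from_url(url, "keywords")
    print("unsafe page reflects probe:", is_reflected_verbatim(render_unsafe(term), term))
    print("safe page reflects probe:  ", is_reflected_verbatim(render_safe(term), term))
```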

Regards: GD 4TT4CK3R

Tuesday 15 April 2014

PC Jeweller is vulnerable to SQL injection

PC Jeweller started operations in April 2005 with one showroom at Karol Bagh, Delhi. It is a first-generation business promoted by two brothers, Sh Padam Chand Gupta and Sh Balram Garg. The company, however, had a vision of expanding its presence in the retail segment.

The company's business model consists of opening large-format, stand-alone stores at high street locations. Its stores stock a wide range of jewelry across all price points, with an increasing focus on diamond jewellery. The company sells only hallmarked jewelry and certified diamond jewelry. This assurance on quality and purity, along with transparent and customer-friendly policies, has enabled PCJ to become an established and trusted brand name in a short time span.

It has accordingly been opening showrooms at regular intervals and today has a strength of 41 stores spread over 33 cities.

The most valued asset is our relationship with the clients, which has been built over the years by giving certified quality, the latest designs, transparency in dealings and the best personalized customer service, together with proactive and timely research, the creation of world-class jewelry, and guidance that enables customers to take correct purchase decisions.

The company is confident that its thrust on diamond and other high-margin jewellery, along with customer-oriented marketing initiatives, will continue to help grow its top line as well as its bottom line.

Mr. Padam Chand Gupta, Chairman of the Company, has over three decades of experience in jewelry.

Mr. Balram Garg, Managing Director of the Company can easily be called the goodwill ambassador of this group. A man of clear vision and strong decision, Mr. Garg's approach in business rests on his belief that nothing is impossible.


OK, on further testing I found a SQL injection vulnerability in it.

Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
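To show the interpreter confusion this paragraph describes, here is an added Python example (not from the original post or any of the sites named here) that runs the same product lookup once with string concatenation and once with a bound parameter against a constructed in-memory SQLite table. The table, its rows and the function names are assumptions made for illustration.

```python
# Added example: untrusted input as SQL text versus as a bound parameter.
# Table, rows and function names are constructed for illustration only.
import sqlite3

SAMPLE_ROWS = [  # constructed sample data
    (1, "gold ring", 1),
    (2, "diamond pendant", 1),
    (3, "unlisted item", 0),  # not published: a search must never return it
]


def make_db() -> sqlite3.Connection:
    """Build a small in-memory catalogue table from the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, name TEXT, published INTEGER)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def search_unsafe(con: sqlite3.Connection, term: str) -> list:
    """Vulnerable pattern: the input becomes part of the SQL text, so a quote in
    the input ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT id, name FROM products WHERE published = 1 "
           "AND name = '" + term + "' ORDER BY id")
    return con.execute(sql).fetchall()


def search_safe(con: sqlite3.Connection, term: str) -> list:
    """Fixed pattern: the input travels as a bound parameter and is only ever data."""
    sql = "SELECT id, name FROM products WHERE published = 1 AND name = ? ORDER BY id"
    return con.execute(sql, (term,)).fetchall()


def demo() -> dict:
    """Run both lookups with the textbook tautology input and a normal term."""
    con = make_db()
    tautology = "x' OR '1'='1"  # classic teaching input; turns the WHERE clause true
    return {
        "unsafe": search_unsafe(con, tautology),  # all rows, unpublished one included
        "safe": search_safe(con, tautology),      # no row has that literal name
        "normal": search_safe(con, "gold ring"),  # the intended lookup still works
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>6}: {rows}")
```

The unsafe lookup leaks the unpublished row because the `OR '1'='1'` text is parsed as part of the query, which is exactly the "accessing data without proper authorization" the definition refers to; the parameterised lookup treats the same input as an ordinary product name.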

Regards: GD 4TT4CK3R

Monday 14 April 2014

Andhra Pradesh Grameena Vikas Bank is vulnerable to SQL injection

APGVB Formation

APGVB was formed by the amalgamation, on 31 March 2006, of the following 5 banks sponsored by SBI, to participate more energetically, with synergy, in the uplift and development of the Rural Farm Sector and the Rural Non-Farm Sector, with emphasis on the deprived, the Rural Poor, Rural ISB and Rural Crafts.

On further testing, I found a vulnerability in http://www.apgvbank.in

Hope they will patch the vulnerability as soon as possible.

Regards: GD 4TT4CK3R

Friday 11 April 2014

Jammu University is Vulnerable to SQL Injection

OK guys, on further testing I found a vulnerability in Jammu University.

Regards: GD 4TT4CK3R

Thursday 10 April 2014

Pakistan Geo TV News is Vulnerable to XSS

On further testing, I found a vulnerability in Geo TV News of Pakistan.

Affected URL: http://geo.tv/SearchNews.aspx?URL=%3Cscript%3Ealert%28%27test%27%29;%3C/script%3E

Regards: GD 4TT4CK3R

IIPM College is Vulnerable to XSS

Founded in 1973, The Indian Institute of Planning and Management has grown to become one of the most respected business schools in South Asia. Its unique focus on national economic planning and highly researched management process control techniques has rewarded it with the most exhaustive linkages with all facets of the corporate world. The Integrated and Full Time Programme in National Economic Planning and Entrepreneurship provided by IIPM (which it presents as superior to standard MBA and BBA programs), along with IIPM's Fellowship, Executive Education (and Global Opportunities and Threats Analysis programs where students visit organizations like the United Nations (Geneva), World Bank, ILO, Nestle S.A. Vevey, IMD Lausanne, Credit Suisse etc.) have created some of the highest standards in the management field.

On further testing, I found a vulnerability.

Regards: GD 4TT4CK3R

Wednesday 9 April 2014

Nivia Sports is Vulnerable to XSS

NIVIA, India's leading sports brand, is influential and intimately involved in shaping sports in the country. As the originator of breakthrough technologies and innovative products, for decades NIVIA has produced legendary classics and earned nation-wide legitimacy in each sport that it has participated in. Backed by generations of sportsmen, NIVIA is the true INDIAN iconic sports brand. NIVIA is India's leading manufacturer of sports equipment, footwear and accessories. Our core sports are Football, Volleyball, Basketball, Cricket, Tennis, Hockey, Badminton and Squash.
Established in 1934, NIVIA is headquartered in Jalandhar, India. NIVIA's employee force is more than 2000, and our dedicated sales network spreads to more than 1200 dealers across India.

NIVIA is a Freewill Sports Pvt Ltd brand.

On further testing, I found XSS.

Affected URL:
http://www.niviasports.com/search.php?keywords=<script>alert('test')</script>

Regards: GD 4TT4CK3R

Tuesday 8 April 2014

Sumpoorna Portfolio Limited is Vulnerable to SQL injection

Sumpoorna Portfolio Limited ("Sumpoorna Stock" / "the company") represents the equities arm of the Sumpoorna group. The company is a corporate member of both The National Stock Exchange of India Limited and The Bombay Stock Exchange, providing equity broking and research services and catering to retail clients and domestic and foreign institutional investors. The company is focused on providing products, strategies and services to corporates, HNIs and retail clientele. We have a pan-India presence through our various channels, providing clients with the tools and services they need to maximize their investment performance and attract new sources of capital.
Sumpoorna Stock spearheads the Capital Markets broking division of the Group, whose services range from offline and online trading in equity, commodities and currency derivatives to the debt market.

Regards by GD 4TT4CK3R