
prashant_uniyal

XSS threats on leading Indian mobile operators' websites

While passing by common websites, we have come across various security issues in them in the past. Be it a bug on Facebook, Flipkart or Indian shopping sites, we have brought up many issues in the past and have responsibly disclosed them. This time, while passing by a few mobile operators' websites, we noticed cross-site scripting, a.k.a. XSS, second on the OWASP Top 10 list. These vulnerabilities can be noticed very easily and can be used by cyber crooks to execute malicious scripts on the website and carry out stealth operations like phishing, scams, etc.

The leading mobile operators whose websites we uncovered issues in are: Idea Cellular, Tata Communications and BSNL, India's government-backed telecom company. Two of the websites had persistent XSS and the third a non-persistent one. The following are some screenshots of the websites, where you can see the injected scripts and iframe:







Well, the response from the concerned authorities was, as usual, dull, or you can say nil! Still, we waited for a long time, and today we are disclosing these threats. We hope these get patched as soon as possible. Users are advised to be aware while using such websites, to check that emails from these websites are legitimate, and to check links closely before responding. One protection method is using Firefox with the NoScript add-on.

Comments

  1. prakhar
    BSNL is the best website, to test your new hacking tool
