xss in snapdeal

50 views
Skip to first unread message

Nabarun sengupta

unread,
May 26, 2012, 10:08:06 PM5/26/12
to null-...@googlegroups.com
Hi null moderator let me inform you there is a xss vulnerability
observed in search page of snapdeal.com . Please help to report this
to the vendor

On 5/25/12, Naga Rohit <snaga...@gmail.com> wrote:
> Hi,
>
> I was wondering if there is any upcoming Null Delhi Meet.
>
> Thanks,
> Rohit
>
> --
> Get ready for the Dilli Shakedown!
> nullcon security conference Delhi Sept 26-29th 2012
> http://nullcon.net
>
> null - Spreading the right Information
> null Mailing list charter:
> http://null.co.in/section/about/null_list_charter/
>

webDEViL

unread,
May 27, 2012, 12:04:05 AM5/27/12
to null-...@googlegroups.com
When you are posting to a public group don't mention where the vulnerability lies and what it is.
That's the whole point of reporting.


On Sun, May 27, 2012 at 7:38 AM, Nabarun sengupta <sengupta...@gmail.com> wrote:
Hi null moderator let me inform you there is a xss vulnerability
observed in search page of snapdeal.com . Please help to report this
to the vendor

--
Get ready for the Dilli Shakedown!
nullcon security conference Delhi Sept 26-29th 2012
http://nullcon.net

null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/



--
Regards,
webDEViL


Nabarun sengupta

unread,
May 27, 2012, 1:07:45 AM5/27/12
to null-...@googlegroups.com
Sure, I will post the details in private forum. I didn't knew the
private email id, if given, I will ensure that in future.

Bipin Upadhyay

unread,
May 27, 2012, 1:34:57 AM5/27/12
to null-...@googlegroups.com
Have you reported the issue to SnapDeal?

»»sent from my pwnedBerry®

Uday Shankar

unread,
May 27, 2012, 12:14:09 AM5/27/12
to null-...@googlegroups.com
That's right. Please maintain ethics and prevent businesses from collapsing. Our aim must be helping business run without any kind of vulnerabilities and be ready to protect themselves from a cracker.



 

Date: Sun, 27 May 2012 09:34:05 +0530

Subject: Re: [null] xss in snapdeal

balaji gopal

unread,
May 28, 2012, 12:28:17 AM5/28/12
to null-...@googlegroups.com
I had reported them long back. They replied soon it will be patched and still patching is going is on.

Balaji Gopal

Niranjan ®

unread,
May 29, 2012, 7:20:26 AM5/29/12
to null-...@googlegroups.com
HI Guys,
 
I too checked that xss issue. But i dont think this will be an issue. Bcoz the search term is not getting reflected in the URL so the possiblity of attacking a user using this XSS would be not possible. How many of youthink the same?
Is there any other way to affect the user using this xss problem present in snapdeal now.
 
Thanks,
Niranjan

On Sun, May 27, 2012 at 7:38 AM, Nabarun sengupta <sengupta...@gmail.com> wrote:
Reply all
Reply to author
Forward
0 new messages