Tuesday, April 3, 2007

XSS on JustDial.com




JustDial.com

Saw the ad on TV a few days back, so I thought I could play with it. As expected, they haven't thought/bothered about Cross Site Scripting!

Just search for our usual keyword:


<script> alert("XSS"); </script>

and you can get alerts.

Most XSS holes are due to the use of Microsoft's Active Server Pages (ASP). ASP does not have many default functions or modules to combat XSS, whereas PHP has a number of functions to do the same.
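
An added example, not code from this post or from the site it discusses: a hypothetical PHP search-results page that reflects the query first without encoding and then with PHP's built-in `htmlspecialchars`, `rawurlencode` and `json_encode` applied per output context. The function names and the `/search` URL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; all function names and the /search URL are hypothetical.

// Encode for HTML element content and quoted attribute values.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: the search term is reflected into the page unchanged,
// so markup in the query string becomes markup in the response.
function render_results_unsafe(string $q): string
{
    return "<h1>Results for $q</h1>\n"
         . "<input name=\"q\" value=\"$q\">\n";
}

// Hardened: encode at output time, with the encoder that matches each context.
function render_results_safe(string $q): string
{
    // JSON_HEX_* emits <, >, &, ' and " as \uXXXX escapes, so the value
    // cannot close the surrounding <script> element or string literal.
    $js = json_encode(
        $q,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );

    return '<h1>Results for ' . html($q) . "</h1>\n"                              // element content
         . '<input name="q" value="' . html($q) . "\">\n"                         // quoted attribute
         . '<a href="/search?q=' . rawurlencode($q) . "&amp;page=2\">Next</a>\n"  // URL parameter
         . "<script>var lastQuery = $js;</script>\n";                             // inline script
}

// Constructed sample input: the search keyword used in the post.
$q = '<script> alert("XSS"); </script>';

echo "--- unsafe ---\n", render_results_unsafe($q);
echo "--- safe ---\n", render_results_safe($q);
```

Run from the command line with PHP 7.3 or later, the unsafe output contains the script element verbatim, while the safe output shows it only as encoded text in every context.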


Happy Hacking ...

1 comments:

Anonymous said...

Hi Arun,
I came across your blog from your blog's grazepage in grazeit, and I've been checking it out since then... Just wanted to let you know I took the liberty of adding a trackback to this post from the grazepage of JustDial.com.
Cheers,
GeekChic (Naomi)