Sharekhan (an Indian stock trading portal) lets its users trade in the stock market and manage their DP accounts. Being in the finance domain, it should be secure and free of vulnerabilities, but its online portal “https://strade.sharekhan.com/” contains multiple XSS (cross-site scripting) vulnerabilities that can be used against the site's users for phishing and information gathering, and can lead to financial losses for them. I have tried to contact Sharekhan but haven't got any positive response yet. So I have reported these vulnerabilities to cert.in for further action and co-ordination with the Sharekhan site administrator.
These are fairly simple to discover & exploit.
Type of vulnerability: Input validation (XSS)
Product: Sharekhan trading portal
(User login required)
(User login is not required)