Sunday 12 September 2010

Ziddu.com Vulnerable to XSS

Today, I was trying to download some file from ziddu and since the author had already deleted the file, I was redirected to the error message page. And I thought of playing around with the message from GET params which was being displayed into the page.

I first added <i> and </i> in between the message and found that the HTML tags were not being filtered. Then I used the <script> tag and tried to do the alert but they were adding backslashes in the single and double quotes...
Then I used the String.fromCharCode() JS function and the alert appeared in the site..

http://www.ziddu.com/errortracking.php?msg=%3Cscript%3Ealert%28String.fromCharCode%2883,65,77,65,82%29%29;%3C/script%3E

Ziddu.com suffers from the XSS and I've notified them.