An Information Security Expert Narendra Bhati, from Sheoganj, India has discovered Reflected Cross site scripting vulnerability in the official website of MTS website(mtsindia.com).
MTS group is an Indian mobile network operator headquartered in New Delhi, that provides wireless voice, messaging and data services in India.
The vulnerability exists in the Search field of the website. Injecting the xss code in the Search box will execute successfully the injected code.
For instance, injecting the following code in the search box will display the alert box:
"><script>alert("E Hacking News")</script>Narendra also found that the field allows user to run the iframe code also. So , possibly, a hacker can inject phishing page to scam innocent visitors.
"/><iframe src="http://www.google.com" width=1000 height=1000></iframe>Learn Certified Hmei-7.blogspot.com Hacking Training Course in Pune by Sysaptech
Source:http://www.ehackingnews.com
Posting Komentar