Skip to main content

D-Mart India is Vulnerable to Xss and Xpath Injection

Note: This post is only for educational purpose, the author of this website will not be responsible for any misuse.


D-Mart is a chain of hypermarket and supermarkets in India. As of 2013, it has 64 stores spread across MaharashtraGujaratAndhra Pradesh and Karnataka. Since D-Mart first opened its doors in the Mumbai region in 2000, it has grown into a trusted and well-established shopping destination in Maharashtra, Gujarat, Andhra Pradesh and Karnataka.  D-Mart is now looking forward to growing its stores across India.




D-Mart seeks to be a one-stop shopping destination for the entire family, meeting all their daily household needs. A wide selection of home utility products is offered, including foods, toiletries, beauty products, garments, kitchenware, bed and bath linen, home appliances and much more.



Since D-Mart first opened its doors in the Mumbai region in 2000, it has grown into a trusted and well-established shopping destination in Maharashtra, Gujarat, Andhra Pradesh and Karnataka.  D-Mart is now looking forward to growing its stores across India.


But recent days of my further testing on the D-mart India for vulnerabilities, I found two high vulnerabilities of  XSS(Cross Site Scripting) and XPath Injection vulnerability.


1: What is XPath Injection vulnerability?



XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input. An authenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.




References:



You can search more detail on XPath injection on this link.


















2: Cross Site Scripting(XSS)

It is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (the others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.


How Cross Site Scripting Works


Items that are affected:

  • /complaints01.asp 
  • /feedback01.asp 
  • /landlord01.asp 
  • /suppliers01.asp

I am taking http://www.dmartindia.com/feedback.html vulnerability as shown below:




Additional Vulnerability is that http://www.dmartindia.com/ is not having any backup.. So sad
 News.That is the reason why most of the Indian websites get hacked due to this poor vulnerabilities.



Comments

  1. Hello everyone, my name is Kate Johnson.i was able to hack my husband's phone remotely and gained access to all his texts and callswith the help of ghosthacker2351@gmail.com.he is very fast and reliable,I use him whenever I want to be sure about someone.if you require his services tell him I referred you.

    ReplyDelete

Post a Comment

Popular Posts