E Hacking News

Narendra Bhati, an information security researcher from Sheogan, Rajasthan, has identified a critical UI redressing (clickjacking) vulnerability in the Rediffmail website, a web-based e-mail service provided by Rediff.com.

Rediff is the number one Indian web portal, offering news, information, entertainment, and shopping. Rediff.com was the first website domain name registered in India, in 1996.

The website allows other websites to embed the Rediffmail page in an iframe.

PoC:
<iframe src="http://f5mail.rediff.com/ajaxprism/container#Inbox" width="1000" height="1000"></iframe>

The vulnerability allows an attacker to lure the victim into changing the victim's own personal information. It also allows luring the victim into sending an SMS to anyone.

Narendra has created a small PoC that lures users with an "Online Prize Contest". When a user copies and pastes the gift code and clicks the submit button, it updates the user's account information.

You can check his PoC here:
http://pastebin.com/qrhZpdeX
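The condition that makes the PoC above possible is a response that carries no framing restriction, so any third-party page can embed it. The following Python script, added here as an example and not taken from the article or from Rediff, parses a raw HTTP response and reports whether unrelated sites are allowed to frame it, evaluating CSP frame-ancestors first and X-Frame-Options second, the precedence browsers apply. The two sample responses are constructed for illustration; nothing is fetched from the network.

```python
"""Added example (not from the article or from Rediff): classify whether an
HTTP response lets third-party sites frame the page, which is the condition
behind the UI redressing (clickjacking) PoC described above.

The sample responses below are constructed for illustration only."""

from typing import Dict, List, Optional


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response into a name->value dict.

    The status line is skipped and header names are lower-cased, so lookups
    are case-insensitive, as they are in browsers.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\n")[1:]:  # element [0] is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def frame_ancestors_sources(csp: str) -> Optional[List[str]]:
    """Return the source list of CSP's frame-ancestors directive, or None if
    the directive is absent (an empty list means the directive had no sources,
    which the spec treats like 'none')."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_policy(headers: Dict[str, str]) -> str:
    """Return "blocked" if unrelated sites cannot frame the page, else "unprotected".

    CSP frame-ancestors takes precedence over X-Frame-Options when both are
    present (browsers ignore X-Frame-Options in that case), so it is checked
    first. The deprecated X-Frame-Options ALLOW-FROM form is not honoured by
    current browsers, so it counts as unprotected here.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors_sources(lowered.get("content-security-policy", ""))
    if sources is not None:
        # '*' or a bare scheme such as https: lets any origin frame the page
        if any(s == "*" or s.endswith(":") for s in sources):
            return "unprotected"
        return "blocked"  # 'none', 'self' or an explicit origin list
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "blocked"
    return "unprotected"


# Constructed sample responses: the first resembles a page with no framing
# restriction (the situation the article describes); the second is hardened.
UNPROTECTED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=EXAMPLE; HttpOnly\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "\r\n"
    "<html>...</html>"
)


def audit(raw_response: str) -> str:
    """Convenience wrapper: raw response text -> framing policy verdict."""
    return framing_policy(parse_response_headers(raw_response))


if __name__ == "__main__":
    for label, raw in (("unprotected", UNPROTECTED_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit(raw)}")
```

A verdict of "blocked" means a page like the one in the PoC would render blank inside the attacker's iframe; sending both `X-Frame-Options: DENY` (for older browsers) and `Content-Security-Policy: frame-ancestors 'none'` (for current ones) is the usual fix for pages that should never be embedded.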

The researcher discovered the vulnerability in January and notified Rediffmail. As usual, Rediffmail did not reply to him regarding the security issue, so after one month Narendra decided to report it to EHN.

COPYRIGHT 2012 by EHN.