Search This Blog

Time Now Tv & Shiksha Official Websites Vulnerable To XSS Security Flaw

Narendra Bhati, information security expert, has discovered non-persistent xss security flaw in Times Now Tv and Shiksha websites.
An 21 Years Old Information Security Expert, Narendra Bhati(R00t Sh3ll The Untracable) From Sheoganj Rajasthan ,Who Recently Acknowledge By and also find Many Persistent XSS And One SQL Injection In A Bank Website has discovered a non-persistent XSS security flaw in the official website of,Times Of India, News Bullet Sub Domain Of Start News Channel.

Narendra Says- Kailash Bhayya ,Ravi Sir & Sabari Sir This Is For You :-) is part of the group-Indias No.1 job portal. Other portals owned by our parent company Info Edge are,, and

TIMES NOW( is a Leading 24-hour English News channel that provides the Urbane viewers the complete picture of the news that is relevant, presented in a vivid and insightful manner, which enables them to widen their horizons & stay ahead.

In all these websites search fields are found to be vulnerable to the XSS injection.

POC code for Times Of India Tv:"/><iframe+src=""+width="1000px"+height="1000px"></iframe>&srchcombo=1&x=0&y=0

POC FOR :"/><iframe+src=""+width=1000+height=1000></iframe>&start=0&institute_rows=-1&content_rows=-1&country_id=&city_id=&zone_id=&locality_id=&course_level=&course_type=&min_duration=&max_duration=&search_type=&search_data_type=&sort_type=&utm_campaign=site_search&utm_medium=internal&utm_source=shiksha&from_page=homepage&autosuggestor_suggestion_shown=5
 Narendra also found that is also vulnerable to CSRF that allow attacker to change mobile no. of victim by a malicious web page .

Narendra also claimed that he try a lot to contact these all website by email,facebook page etc. But they not replied him from 1 month. After this he decided to disclose this vulnerability and reported to EHN. 
Share it:

Breaking News

Information Security News

Narendra Bhati

Security researcher


XSS Injection