Rediffmail XSS vulnerability disclosed

A member of the ‘NULL’ mailing-list today announced a ‘Persistent XSS’ vulnerability in the ‘subject’ parameter of RediffMail’s email application.
This Vulnerability was discovered and reported by w4rl0ck.d0wn and Rockey Killer of h4ck3r crew
Check out their PoC video at:
Rediffmail PoC

Now, this is an extremely critical vulnerability as the user will be attacked by simply visiting their Inbox.
As shown in the PoC, session variables can be captured and re-direction is also possible.Infact, the possibilities are endless !!
Rediffmail being quite popular with a certain segment of Indian masses, I think they should seriously look into this and also improve their overall perspective on security.They must be one of those rare service providers who still allow users to send their credentials over unencrypted HTTP protocol.

Rediffmail Plaintext credentails captured using wireshark

Rediffmail Plaintext credentails captured using wireshark

Rediff needs to get their act together !

————————————————-
Below is the original advisory:

About Rediff
Rediff.com (Nasdaq: REDF) is one of the premier worldwide online providers of news, information, communication, entertainment and shopping services.
Rediff.com provides a platform for Indians worldwide to connect with one another online. Rediff.com is committed to offering a personalized and a secure surfing and shopping environment.
Rediff.com additionally offers the Indian American community one of the oldest and largest Indian weekly newspapers, India Abroad.
Founded in 1996, Rediff.com is headquartered in Mumbai, India with offices in New Delhi, Bangalore, Chennai, Hyderabad and New York, USA.

Mission In The Internet Space
To provide world-class online consumer service offerings to Indians worldwide.

Vulnerability
Persistant XSS Vulnerability in Subject field of rediff
Vulnerability Reported on : Sat, Jan 23, 2010 at 1:23 AM
But they din’t even cared to respond back .

Credits
This Vulnerability was discovered and reported by w4rl0ck.d0wn and Rockey Killer of h4ck3r crew

POC
http://h4ck3r.in/Reported%20Vulnerabilities/rediff/

Rockey Killer
h4ck3r Crew

Advertisements

One thought on “Rediffmail XSS vulnerability disclosed

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s