Friday, 08 June 2012

Researchers: Indian Shopping Sites Expose Users by Not Patching XSS Flaws


Security researchers from Secfence Technologies have noticed that a lot of Indian online stores contain cross-site scripting (XSS) vulnerabilities, exposing their customers to attacks that rely on social engineering.

The list of websites identified by the experts as containing the flaws includes: Naaptol (naaptol.com), 100 Bestbuy (100bestbuy.com), WesPro (wespro.phpdevelopment.co.in), and OLX (olx.in).

“If executed cleverly, cyber crooks can cause major damage and make ‘black’ earnings from these vulnerabilities. XSS being at 2nd position at OWASP Top 10 has been neglected in these websites by developers,” Prashant Uniyal, information security analyst at Secfence Technologies, explained.

The researchers have provided screenshots and a proof-of-concept for each of the sites.

“Security of such websites should be beefed up soon. I have tried contacting the concerned authority many times, but no response from them. These bugs can be noticed manually by anyone,” Uniyal concluded.
