India's most popular search engine contains major security holes

Feb 28, 2012 20:41 GMT  ·  By

Shadab Siddiqui, the independent security researcher who recently identified vulnerabilities in sites such as redhat.com, nec.com and udemy.com, returns with another round of security holes, this time affecting India’s most popular search engine Guruji.com, sometimes preferred over Google due to the better results it brings up when performing local searches.

With the aid of another security expert, Deepanker Verma, the owner of Hacking Tricks, he found a cross-site scripting (XSS) vulnerability and a CVS disclosure issue. The latter does not have a direct impact on a site’s security, but attackers could leverage the weakness to gather information.

The CVS repository files found by the researchers can disclose the CVS’s physical paths, names and file lists.

“While disclosures of this type do not provide chances of direct attack, they can be useful for an attacker when combined with other vulnerabilities or during the exploitation of some other vulnerabilities,” Siddiqui told us.

They also came across the site’s open policy Crossdomain.xml file, which can be utilized to access one-time tokens.

“Open Policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and see its response. This can be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions,” he continued.

We have contacted Guruji to let them know about the existence of the security holes and hopefully they’ll address them in the shortest time to ensure that their customers are protected against potential malicious operations.

“Ferruh Mavituna released an XSS shell with the help of which users can go to the possibility of taking down the whole server just through XSS as it is a browser equivalent of reverse command shell.

“So it does not depend upon the type of vulnerability that exists in the webpage or application, but depends upon the mind that is exploiting that vulnerability,” the expert concluded.
