Html Injection On One Of The Indian Government’s Official Domain
Hi, Everyone.
Today im going to share the story that how i got the html injection vulnerability on Indian Government website.
First of all, i used some dorks to find login/register pages of Indian government.
dorks used-
site:*.*gov.in inurl:register
and i found a link:
https://smsheader.trai.gov.in/loginpage
on that page there is a field named “Fill your basic information” and there is two option one is for email and the another one is for email address.after filling the email option i entered the name like this <a href=”https;//www.google.com">click here</a> and clicks the continue button then i check my indbox and on that it was like this.
immediately i reported this to the TRAI,NCCIPC and after sometime i got a reply like this.
After someday they patched the vulnerability now there is no more html injection vulnerability.
HTML INJECTION VULNERABILITY IMPACT:
An attacker can enter anyone’s email to send this kind of mails which may contains malicious links, unwanted phishing stuff, attacker can insert some pictures which may result into bad reputation of company as the email is coming directly from the company.
THANK YOU FOR READING..!
