Wednesday, September 25, 2013



Narendra Bhati, an information security researcher from Sheogan, Rajasthan, has identified a critical UI redressing (clickjacking) vulnerability in the Rediffmail website, a web-based e-mail service provided by Rediff.com. Rediff is the number one Indian web portal, offering news, information, entertainment and shopping. Rediff.com was the first website domain name registered in India, in 1996.

The website allows other websites to embed the Rediffmail page in an iframe. POC:

<iframe src="http://f5mail.rediff.com/ajaxprism/container#Inbox" width="1000" height="1000">

The vulnerability allows an attacker to lure the victim into changing the victim's own personal information. It also allows the victim to be lured into sending an SMS to anyone. Narendra has created a small POC page that lures users with an "Online Prize Contest": when a user copies and pastes the gift code and clicks the submit button, it updates the user's account information. You can check his POC here: http://pastebin.com/qrhZpdeX

The researcher discovered the vulnerability in January and sent a notification to Rediffmail. As usual, Rediffmail did not reply to him regarding the security issue. After one month, Narendra decided to report it to EHN.
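The framing described above is possible because the response carries no anti-framing headers. The following is an added example, not code from the article or from Rediff: it grades a set of response headers (constructed samples) on the two controls that stop third-party iframing, X-Frame-Options and the CSP frame-ancestors directive, and shows the hardened header set beside the unprotected one.

```python
"""Grade HTTP response headers for clickjacking (UI redressing) defences."""
from typing import Dict, List, Optional

# Constructed sample: a mail page whose response sends no framing controls.
UNPROTECTED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Set-Cookie": "session=constructed-sample-value; HttpOnly",
}


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the CSP frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def assess_framing(headers: Dict[str, str]) -> str:
    """Return 'protected', 'partial' or 'frameable' for a response."""
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = frame_ancestors(lower.get("content-security-policy", ""))
    xfo = lower.get("x-frame-options", "").strip().upper()
    # Browsers that understand frame-ancestors ignore X-Frame-Options, so the
    # CSP directive decides when present; a bare '*' allows any framer.
    if ancestors is not None:
        return "frameable" if "*" in ancestors else "protected"
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected"
    if xfo.startswith("ALLOW-FROM"):
        return "partial"  # obsolete form, ignored by current browsers
    return "frameable"


def harden(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the headers with both anti-framing controls set."""
    fixed = dict(headers)
    fixed["X-Frame-Options"] = "DENY"  # covers browsers without CSP support
    csp = fixed.get("Content-Security-Policy", "").rstrip("; ")
    fixed["Content-Security-Policy"] = (csp + "; " if csp else "") + "frame-ancestors 'none'"
    return fixed


if __name__ == "__main__":
    print(assess_framing(UNPROTECTED_HEADERS))          # frameable
    print(assess_framing(harden(UNPROTECTED_HEADERS)))  # protected
```

A page that legitimately needs to be framed by its own origin would use `SAMEORIGIN` and `frame-ancestors 'self'` instead of the deny values set by `harden`.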
Critical Clickjacking vulnerability in Rediffmail ~ eHackingNews: http://www.ehackingnews.com/2013/03/critical-clickjacking-vulnerability-in.html