An independent security researcher from Pakistan, going with the name of Danish Tariq has claimed to found cross site scripting vulnerability (XSS) on the websites of IndiaTimes and Ask.com.
Indiatimes (www.indiatimes.com) is the Internet subsidiary of The Times of India Group, under which, some of the largest websites in India – The Times of India, The Economic Times, Navbharat Times and Maharashtra Times operate.
While Ask.com (originally known as Ask Jeeves) is a question answering-focused web search engine founded in 1996 by Garrett Gruener and David Warthen in Berkeley, California.
The researcher claimed to have reported the vulnerability to IndiaTimes and Ask.com but for now there has been no response from either of them, which is keeping the sites’s users in danger zone of getting hacked and privacy compromised.
Below given screenshots from IndiaTimes and Ask.com were provided by the researcher.
Screenshot from IndiaTimes.com
Pakistani Security Researcher Founds XSS Vulnerability in IndiaTimes and Ask.com
Screenshot from ask.com:
Pakistani Security Researcher Founds XSS Vulnerability in IndiaTimes and Ask.com
Danish told me that he can not provide the in depth details on the present XSS vulnerability, as it can put users of those sites in problem.
Danish Tariq is a security researcher who has been helping web browser and Internet suite company Opera Software, the company has acknowledge the researcher’s services and added him in the list of people helping Opera in securing their websites.
