wordpress blog stats
Connect with us

Hi, what are you looking for?

Updated: Shaadi.com Security Vulnerability Allowed Access To User Profiles; Now Fixed

Update: Raxit Sheth has updated his blog on how he was able to access the profiles. All he had to do to get access to the shaadi.com member’s profile was to search for “eml-trk site:shaadi.com” without quotes on any search engines. Sheth claims that Anupam Mittal, CEO People Group, acknowledged the bug and mentioned that it was introduced during the last dev cycle. The bug has been fixed.

Jan 22, 2013: Earlier today, Raxit Sheth pointed us towards a URL which allowed the editing of a users profile on matrimonial website Shaadi.com. Sheth said that a critical vulnerability in the website allowed for this, allowing users to gain full access to a member’s profile without entering their account credentials. We tried it, and were able to access profiles (details below)

After we contacted Shaadi.com about this, and the vulnerability was fixed. On attempting to access the profile, we are now redirected to the websites homepage, and asked for login credentials. We’ve contacted Shaadi.com for their statement on the issue, and will update when we hear from them officially (which we are told, we will, by end of day today).

The Vulnerability

The vulnerability was limited to only specific profiles and didn’t allow users to access all member’s profiles. In these profiles, we were able to secure full access to the member’s profile including the ability to change profile details (screenshot below), and apparently chat with other members, send interests, reply to messages, among others.

Advertisement. Scroll to continue reading.

Here are few of the screenshots of a user’s profile, with details masked in order to protect his/her identity.

 

 

Security is critical for matrimonial portals: someone could have easily accessed profiles and sent inappropriate messages.

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ