Hello... Go! Black Hat is another blog for Pure Black Hat Hacking Guides.

Vulnerability on Truecaller

Truecaller is a global phone directory application for smartphones and feature phones, also accessible via a website, developed by True Software Scandinavia AB. It finds contact details worldwide given a name or telephone number, and has an integrated caller ID service that uses crowdsourcing to provide call blocking, plus social media integration to keep the phonebook up to date with pictures and birthdays. It performs 120 million searches of the telephone number database every month. As of January 22, 2013, Truecaller had reached 10 million users.


It was the time when Truecaller was trending (6 months ago). I was just crawling their website until I found an XSS there; as soon as I found it, I saw that the XSS affected the search bar used for searching numbers on their main website. I reported the XSS to them and screencast a video of the vulnerability I had found. My report:

Hello, I have found a vulnerability on your website. This is an XSS (Cross Site Scripting Vulnerability) and can be very dangerous for your website! Please fix it as soon as possible.
PoC : http://www.truecaller.com/search?country=India&q=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 

Regards, 
Parv Jain 
(@n3g4tiv3eLemEnt) 
 
A few days later the XSS was fixed, but I got no response, not even a mail saying "Thank you". I really find myself very frustrated when companies like these don't even say thank you for finding a security bug. But after a few days I found a reply from the guy himself, thanking me and leaving a lame excuse for not replying to me.
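As an added example (not Truecaller's code and not the author's), here is a hypothetical search handler that reflects the `q` parameter from the PoC URL above: first echoed raw, which is the reflected XSS the report describes, then HTML-escaped so the same input renders as inert text.

```python
"""Reflected XSS in a search parameter: vulnerable rendering beside the fix.

Added example with a hypothetical handler; it is not Truecaller's code.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# PoC URL quoted in the report above; the 'q' value is the reflected input.
POC_URL = ("http://www.truecaller.com/search?country=India"
           "&q=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E")


def query_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, percent-decoded."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(q: str, country: str) -> str:
    """Echoes the search term straight into the page body (the bug)."""
    return f"<h2>Results for {q} in {country}</h2>"


def render_fixed(q: str, country: str) -> str:
    """Same page with every untrusted value HTML-escaped before insertion.

    quote=True also escapes quotes, so the helper is safe for attribute
    values as well as text nodes; JS or URL contexts need their own encoders.
    """
    return (f"<h2>Results for {escape(q, quote=True)} "
            f"in {escape(country, quote=True)}</h2>")


def contains_script_tag(html: str) -> bool:
    """Crude check used below: does a literal <script tag survive rendering?"""
    return "<script" in html.lower()


if __name__ == "__main__":
    term = query_param(POC_URL, "q")
    country = query_param(POC_URL, "country")
    print("vulnerable:", render_vulnerable(term, country))
    print("fixed:     ", render_fixed(term, country))
```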

