Posts tagged Landmark

So, Landmark, a famous book/music/movies store in India, is on the net at LandmarkOnTheNet.com. I was there to check whether they sell 3D glasses; there are some cheap paper glasses on ebay.in, but I want better quality. As usual, the bad habit of checking for SQL Injections and XSS tingled in my brain.

Apparently, LandmarkOnTheNet has both problems.

And for SQL Injection, I didn’t try much; I just gave a single quote as input in search, and the server choked with an error in the SQL query (it actually told what the error is and where the error is; what a way to configure the production server).

So, there are many things you can have fun with using the above two; these are the keywords: My Account, Session Stealing, Gift Cards, SQL Injection, PIN Numbers, Free Shipping.

If I were a Landmark website user, I would ensure that my browser is Firefox with the NoScript add-on installed. If I were a Landmark webmaster, I would buy a book on Web Security right now; ah, never mind, I would just search Google for tips on fixing XSS and SQL Injection vulnerabilities and fix them ASAP. I might also feel very bad for using so many tables in my markup.
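What the fix for a search box like this looks like, as an added example that is not from the original post or the site's code: the concatenated query that breaks on a single quote and leaks the driver error, next to a parameterized query with a generic error message and escaped output. The `products` table, the function names and the sample rows are assumptions constructed for illustration, using Python's `sqlite3` and `html` modules.

```python
import html
import logging
import sqlite3

log = logging.getLogger("search")

def make_db():
    # Constructed sample catalogue, in-memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO products (title) VALUES (?)",
                   [("3D Glasses",), ("Web Security Handbook",), ("O'Reilly Sampler",)])
    return db

def search_concatenated(db, term):
    # Before: user input is pasted into the SQL text, so a lone ' changes
    # the statement's syntax, and the raw driver error is shown to the visitor.
    try:
        sql = "SELECT title FROM products WHERE title LIKE '%" + term + "%'"
        return [r[0] for r in db.execute(sql)], None
    except sqlite3.Error as exc:
        return [], "SQL error: %s" % exc

def search_parameterized(db, term):
    # After: the term travels as a bound parameter and is only ever data.
    # Failures are logged server-side; the visitor gets a generic message.
    try:
        rows = db.execute("SELECT title FROM products WHERE title LIKE ?",
                          ("%" + term + "%",))
        return [r[0] for r in rows], None
    except sqlite3.Error:
        log.exception("search query failed")
        return [], "Something went wrong. Please try again."

def render_results(term, titles):
    # Escape everything that is echoed back into the page (search term and
    # stored titles) so markup in either is displayed, not interpreted.
    items = "".join("<li>%s</li>" % html.escape(t) for t in titles)
    return "<p>Results for %s</p><ul>%s</ul>" % (html.escape(term), items)
```

With the parameterized version, a search for a single quote is an ordinary search that matches titles containing an apostrophe.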
