ISRO site vulnerability exposed by Abir Atarthy

Indian Space Research Organization (http://www.isro.org) is vulnerable to session hijacking. This vulnerability was exposed by Abir Atarthy.

We have already mailed ISRO regarding this. The details are as follows:-

Vulnerability description:

Cookie Not Marked As HttpOnly:-
HttpOnly cookies cannot be read by client-side scripts; therefore marking a cookie as HttpOnly provides an additional layer of protection against Cross-site Scripting attacks.
Identified Cookie:- ASP.NET_SessionId
Vulnerability Classifications: OWASP A6, CWE-16
Impact:-
During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.
Remedy:-
Consider marking all of the cookies used by the application as HttpOnly. After this change, JavaScript code will not be able to read the cookies.
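As an added example (not part of the original post and not ISRO's code), the following Python script checks Set-Cookie headers for exactly the finding described above: a session cookie such as ASP.NET_SessionId issued without the HttpOnly flag. It goes a little beyond the post by also reporting missing Secure and SameSite attributes, and shows the hardened form of the header. The sample headers and the list of session cookie names other than ASP.NET_SessionId are constructed assumptions for illustration.

```python
"""Audit Set-Cookie headers for HttpOnly (plus Secure and SameSite).

Added example: checks the kind of finding described in the post (a session
cookie set without HttpOnly) against a list of Set-Cookie headers and shows
the hardened form. Sample headers below are constructed, not captured.
"""

# ASP.NET_SessionId is the cookie named in the post; the other names are
# assumed common session cookie names, not taken from the page.
SESSION_COOKIE_NAMES = {"ASP.NET_SessionId", "PHPSESSID", "JSESSIONID"}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; flag attributes (HttpOnly, Secure) map to
    True, valued ones (Path, SameSite, Max-Age, ...) map to their string value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return which protective attributes are missing from one cookie."""
    name, _, attrs = parse_set_cookie(header)
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")   # readable via document.cookie, so XSS can steal it
    if "secure" not in attrs:
        missing.append("Secure")     # would also be sent over plain HTTP
    if "samesite" not in attrs:
        missing.append("SameSite")   # be explicit rather than rely on browser defaults
    return {
        "cookie": name,
        "session_cookie": name in SESSION_COOKIE_NAMES,
        "missing": missing,
    }


def audit_response(set_cookie_headers):
    """Audit every Set-Cookie header; return only cookies with something missing."""
    return [r for r in (audit_set_cookie(h) for h in set_cookie_headers) if r["missing"]]


def harden_set_cookie(header, samesite="Lax"):
    """Return the header with HttpOnly, Secure and SameSite appended when absent.

    Attributes already present are left exactly as written.
    """
    _, _, attrs = parse_set_cookie(header)
    result = header.rstrip().rstrip(";")
    if "httponly" not in attrs:
        result += "; HttpOnly"
    if "secure" not in attrs:
        result += "; Secure"
    if "samesite" not in attrs:
        result += f"; SameSite={samesite}"
    return result


# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=abcd1234; path=/",                                   # the finding in the post
    "theme=dark; path=/; Max-Age=31536000",                                 # non-session cookie
    "ASP.NET_SessionId=efgh5678; path=/; HttpOnly; Secure; SameSite=Lax",   # already hardened
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS):
        kind = "session cookie" if finding["session_cookie"] else "cookie"
        print(f"{kind} {finding['cookie']!r} missing: {', '.join(finding['missing'])}")
    print("hardened:", harden_set_cookie(SAMPLE_HEADERS[0]))
```

On an ASP.NET application the framework-wide fix is the `<httpCookies httpOnlyCookies="true" />` element under `<system.web>` in web.config (adding `requireSSL="true"` also sets Secure); the script above is useful afterwards to confirm the flag actually appears in the live response headers.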
