ISRO site vulnerability exposed by Abir Atarthy

Indian Space Research Organization( )  is vulnerable to session hijacking. This vulnerability was exposed by Abir Atarthy.

We have already mailed ISRO regarding this. The details are as follows:-

Vulnerability description: 
Cookie Not Marked As HttpOnly:-
HttpOnly cookies cannot be read by client-side scripts; therefore, marking a cookie as HttpOnly provides an additional layer of protection against Cross-site Scripting attacks.
Identified Cookie:-  ASP.NET_SessionId
Vulnerability Classifications:  OWASP A6 CWE-16
During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim’s session.
Consider marking all of the cookies used by the application as HttpOnly. After this change, JavaScript code will not be able to read the cookies.
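The check behind this finding is simple to automate: read each Set-Cookie header a server returns and flag any cookie, especially the session cookie, that lacks the HttpOnly flag (and, while you are there, the Secure flag). The following audit script is an added example written for this post, not code from the original report or from ISRO; the response headers it inspects are constructed to look like an ASP.NET response and are not the real headers observed on the site.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure flags.

Added example, not part of the original post. SAMPLE_HEADERS below is a
constructed ASP.NET-style response, not a capture from any real site.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CookieAudit:
    name: str
    httponly: bool
    secure: bool
    samesite: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie header value (everything after 'Set-Cookie:')."""
    parts = [p.strip() for p in header_value.split(";")]
    # First segment is name=value; only the name matters for the audit.
    name = parts[0].split("=", 1)[0].strip()
    httponly = secure = False
    samesite = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "httponly":          # flag attribute, no value
            httponly = True
        elif key == "secure":          # flag attribute, no value
            secure = True
        elif key == "samesite":
            samesite = value.strip() or None
    audit = CookieAudit(name, httponly, secure, samesite)
    if not httponly:
        audit.findings.append("missing HttpOnly: readable via document.cookie")
    if not secure:
        audit.findings.append("missing Secure: may be sent over plaintext HTTP")
    return audit


def audit_response_headers(
    raw_headers: str,
    session_cookie_names=("ASP.NET_SessionId",),
) -> Dict[str, List[str]]:
    """Map each cookie name set in the response to its list of findings.

    A session cookie with any finding gets an extra note, because for that
    cookie a missing HttpOnly flag turns an XSS bug into session hijacking
    (the OWASP A6 / CWE-16 misconfiguration described in the post).
    """
    results: Dict[str, List[str]] = {}
    for line in raw_headers.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        audit = parse_set_cookie(line.split(":", 1)[1])
        if audit.name in session_cookie_names and audit.findings:
            audit.findings.append(
                "session cookie: exposed to hijacking through XSS (OWASP A6 / CWE-16)"
            )
        results[audit.name] = audit.findings
    return results


# Constructed sample response: session cookie set without HttpOnly or Secure,
# a second cookie set correctly.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: ASP.NET_SessionId=constructedvalue123; path=/
Set-Cookie: theme=dark; path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    for cookie, findings in audit_response_headers(SAMPLE_HEADERS).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{cookie}: {status}")
```

On an ASP.NET site the usual fix for the session cookie is the `<httpCookies httpOnlyCookies="true" requireSSL="true" />` element under `<system.web>` in web.config; re-running the audit against the response afterwards should report the ASP.NET_SessionId cookie with no findings.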


