Cross-site Scripting Vulnerability reported on Indian Government Websites

Web application security is the buzzword in information security circles these days. The proliferation of dynamic websites has opened up new vistas for hackers to exploit.

Cross-site scripting is emerging as one of the most potent threats to web applications. Most of the identity theft taking place on the Internet is attributed to cross-site scripting attacks directed at web users.

Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that allows malicious web users to inject code into the web pages viewed by other users.

A vast majority of dynamic websites suffer from cross-site scripting vulnerabilities. The callousness on the part of web developers, coupled with their abysmal knowledge of web security, poses a grave threat to the security landscape.

The Indian Council of Agricultural Research’s website is a case in point. One of the search pages on ICAR’s website currently carries a cross-site scripting vulnerability. The proof of concept is shown in the picture below.

Although nothing malicious can be achieved using the demonstrated vulnerability, it highlights the larger issue of insecurity prevailing on top-notch websites!
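The class of flaw described above, a search page that reflects the query into its response, is shown here as an added example that is not part of the original post and is not ICAR's code. It puts a hypothetical search handler's unencoded rendering beside the output-encoded one; every function name and the sample query are constructed for illustration.

```javascript
// Hypothetical search page renderer (constructed for illustration).
// The query is reflected in two places: the heading (HTML text context)
// and the search box value (double-quoted attribute context).

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

// Encode the characters that can change how HTML text or a quoted
// attribute value is parsed. A single pass avoids double-encoding '&'.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: the query is concatenated into the page as-is, so any markup
// it contains becomes part of the document.
function renderSearchVulnerable(query) {
  return `<h2>Results for ${query}</h2>\n` +
         `<form><input name="q" value="${query}"></form>`;
}

// After: the query is encoded once, at the point of output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<h2>Results for ${q}</h2>\n` +
         `<form><input name="q" value="${q}"></form>`;
}

// Rough check for tests: count opening tags in the rendered page.
// The template itself always contributes three (h2, form, input).
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed test input: closes the attribute, then adds a tag.
const CONSTRUCTED_PROBE = '"><script>alert(1)</script>';

console.log("vulnerable:", countOpeningTags(renderSearchVulnerable(CONSTRUCTED_PROBE)));
console.log("encoded:   ", countOpeningTags(renderSearchSafe(CONSTRUCTED_PROBE)));
```

A tag count above three in a test like this means user input has become markup; the same assertion can sit in a regression suite for any page that echoes a request parameter.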

