Wednesday, December 05, 2012

Homeshop18 - Top 10 Indian Website?

Shouts to the websites that provide ranking for e-Commerce websites in India ;))

Additional shouts to people who tell me, how their "website security" budget is cramped, but they can do endless meetings, interviews and documentation work for compliance, year on year! :)

#############################################
# Website: www.homeshop18.com
# Date: 05.12.2012
# Bug: Cookie Manipulation / Bad authentication
############################################

Trust me when I say your website is the most visible and targetted asset in your whole infrastructure. It represents your brand image and everything your company stands for on the Internet. One mistake like this can cost a business - customers and sales...

Homeshop18 website suffers a few vulnerabilities namely path disclosure & user authentication cookies being insecure... If the cookies can be manipulated on the client side a user's data can be compromised which will lead to a security incident...

Kindly make amends and work on fixing the vulnerability within 48 hours, this information has been released with public awareness & safety in mind.

Cheers,
Kish

No comments: