pan.nationxpress.

co
Issue Type Host Path Severity

SQL-Injection pan.nationxpress.co /login High

Client-Side-Desync pan.nationxpress.co /asstes/js/main.js High

Cleartext Submission of Password pan.nationxpress.co / High

dsc.nationxpress.com
Issue Type Host Path Severity
Client-Side-Desync dsc.nationxpress.com /assets/css/placeholder.css High

Cross Site Request Forgery dsc.nationxpress.com /login/service/validate-login Medium

Cross Site Request Forgery dsc.nationxpress.com /sent-reset-link Medium

TLS Cookies without secure flag set dsc.nationxpress.com / Medium

 digiindia.co
Issue Type Host Path Severity
Client-Side-Desync https://digiindia.co /assets/css/placeholder.css High
Issue Detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to SQL injection attacks. The payload ' was subm
The server appears to be vulnerable to client-side desync attacks. A POST request was sent to the path '/assets/js/main.js' with

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
http://pan.nationxpress.co/login
The form contains the following password field:
password

Issue Detail
The server appears to be vulnerable to client-side desync attacks. A POST request was sent to the path '/assets/css/placeholde

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.

The following cookie was issued by the application and does not have the secure flag set: PHPSESSID, The cookie appears to c
Issue Detail
The following cookie was issued by the application and does not have the secure flag set: ci_session, The cookie appears to co
Issue Background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner.
A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application d
Client-side desync (CSD) vulnerabilities occur when a web server fails to correctly process the Content-Length of POST request

Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this
connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defe
advanced adversary could potentially target any connection made over the Internet's core infrastructure.
Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investi

Issue Background
Client-side desync (CSD) vulnerabilities occur when a web server fails to correctly process the Content-Length of POST reque

Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user th
forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions m
The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or bo
The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the applica
The request performs some privileged action within the application, which modifies the application's state based on the identi
The attacker can determine all the parameters required to construct a request that performs the action. If the request contain

Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user th
forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions m
The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or bo
The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the applica
The request performs some privileged action within the application, which modifies the application's state based on the identi
The attacker can determine all the parameters required to construct a request that performs the action. If the request contain

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP co
if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suita
form http://example.com:443/ to perform the same attack.
To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario
Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the ap
Issue Background
f the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP con
To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario
Issue Remidiation

The most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements)
each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query
database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It
avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not a
One common defense is to double up any single quotation marks appearing within user input before incorporating that input
then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is require
subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially w
Another often cited defense is to use stored procedures for database access. While stored procedures can provide security be
constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invok
You can resolve this vulnerability by patching the server so that it either processes POST requests correctly, or closes the conn

Applications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the cl

Issue Remidiation
You can resolve this vulnerability by patching the server so that it either processes POST requests correctly, or closes the conn

The most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is
generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another
An alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests
domain requests that manipulate these headers to bypass such defenses.

The most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is
generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another
An alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests
domain requests that manipulate these headers to bypass such defenses.

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. I
should never be transmitted over unencrypted communications.
 Issue Remidiation
The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. I
omputer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the app
vileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should
ens used should never be transmitted over unencrypted communications.
he session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session t
used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.