28 C
Lucknow
Thursday, September 12, 2024

Sunny Nehra and his teammates found security flaws in Indian army websites

The cyber proficient Sunny Nehra with his team detected several security loopholes in the official websites of the Indian Army. The critical vulnerabilities were detected by Sunnu Nehra from “Hacks and Security” in the websites Indian army.nic.in and join indianarmy.nic.in. With the help of his team, Nehra reported his findings to CERT-In and the concerned authorities for patching.


Nehra also observed that the country’s armed forces websites were using the highly outdated Lodash (a Javascript library). The versions that were affected by the package were vulnerable to Prototype Pollution. The function which is known as Zip object deep in layman language can be tricked into adding or can be modified properties of the Object prototype. On all objects, these properties can be seen.


The security system was in a critical state, if exploited it could lead to severe threats which include the complete takeover of the webserver. All these sites were implementing obsolete jQuery, Bootstrap and various other aspects of web applications. In return these sites susceptible to different types of attack.
Nehra also found out some other government websites were having some critical security vulnerabilities. UHBVN ( Haryana Bijli Vitatan Nigam) and DHBVN (Dakshin Haryana Bijli Vitaran Nigam) were the sites that were included with the data of so many users of the state of Haryana. As the websites weren’t up to date this became the major cause for the security issues was failing to keep various critical components of the websites.

Also Read  10 ways to Increase Traffic to Your Website


As the websites weren’t up to date so they contain an en number of date features which includes an out of date Liferay portal which can allow the attacker to exploit the Arbitrary file upload vulnerability to upload or to transfer dangerous piles of files. Within the products environment, such files can be automatically processed. In normal language or layman terms, the hacker can effectively take over the entire webserver.


This is not the initial phase where Hacks and Security team have found critical vulnerabilities in the government sites. In August 2021, Sanjeev Gupta who is currently the former CEO of Digital India had warned how the troops of Pakistani hackers had hacked into some of the nations news channels and how Hacks and Security rescued them to fix their security issues.


Our nation’s popular and acknowledged cyber security genius, Sunny Nehra, made a Twitter thread in order to disclose the root cause behind the websites of the government being so insecure.

Also Read  The Indian government set to ban cryptocurrencies


Indian government hosts its websites which includes Indian armed forces, on NICNET (National Informatics Centre Networks) data centres.

Related Articles

Reasi Attack Marks Shift in Terrorist Activities: 9 Killed, 33 Injured as Gunmen Open Fire on Pilgrims’ Bus in J&K

Nine people lost their lives, and 33 others were injured when terrorists attacked a bus carrying pilgrims to Shivkhori in Jammu and...

Delhi Crime Season 3: Release Date & Latest Updates

Remember the gritty realism and relentless pursuit of justice that had you glued to your screen in Delhi Crime seasons 1 and...

“Reflecting on December: A Month of Festivities, Reflection, and Hope”

As the year draws to a close, December arrives with a unique blend of festivity, reflection, and anticipation for the future. This...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Reasi Attack Marks Shift in Terrorist Activities: 9 Killed, 33 Injured as Gunmen Open Fire on Pilgrims’ Bus in J&K

Nine people lost their lives, and 33 others were injured when terrorists attacked a bus carrying pilgrims to Shivkhori in Jammu and...

Delhi Crime Season 3: Release Date & Latest Updates

Remember the gritty realism and relentless pursuit of justice that had you glued to your screen in Delhi Crime seasons 1 and...

“Reflecting on December: A Month of Festivities, Reflection, and Hope”

As the year draws to a close, December arrives with a unique blend of festivity, reflection, and anticipation for the future. This...

Dhanteras: Celebrating Wealth and Prosperity

https://youtu.be/BB4ODsgiWaQ?feature=shared Dhanteras, also known as Dhanatrayodashi, marks the first day of the Hindu festival of Diwali. Celebrated...

The Radiance of Diwali: A Festival of Lights and Joy

https://youtu.be/fm4ajXNjV38?feature=shared Diwali, also known as Deepavali, is a festival that illuminates the hearts and homes of millions,...