KOZHIKODE: Rishi Mohandas, an independent security researcher hailing from Payyanur in Kannur, has found a place in the ‘hall of fame 2018’ list of IT giant Oracle for reporting a bug in its website. Rishi, currently working in a Dubai firm, reported the ‘Stored XSS (Cross Site Scripting)’ vulnerability.
In stored XSS attacks, hackers inject a script that is permanently stored on the target servers, such as in a database, message forum, visitor log or comment field.
“By exploiting the vulnerability, an attacker can use the data available in the website by inserting his own malicious HTML or JavaScript code on the website. The variety of attacks includes transmitting private data such as cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site,” said Rishi in a chat with ‘Express’ from Dubai. Stored cross-site scripting is very dangerous for a number of reasons, he said.
“The hacker can inject Trojans via the code and the page content can be modified. Also, the hacker can mislead the user to his own webpage,” he said. Rishi had reported the bug to Oracle in January this year and the company had fixed it after his report was analysed. The hall of fame at Oracle’s On-Line Presence Security programme is just another feather in Rishi’s cap. Earlier, he had reported security issues in various IT companies.