Requested URL: -http://diazepamabuse.com/ (POST 1,001 params) | Response URL: -http://diazepamabuse.com/ | Page title: Hacked By: Said-Verde-Rosso | HTTP status code: 200 (OK) | Response size: 3,730 bytes (gzip’d) | Duration: 75 ms
Overview
Cookies not flagged as “HttpOnly” may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the “HttpOnly” flag is missing it is due to oversight rather than by design.
Result
It looks like a cookie is being set without the “HttpOnly” flag being set (name : value):
_asomcnc : 1
Unless the cookie legitimately needs to be read by JavaScript on the client, the “HttpOnly” flag should always be set to ensure it cannot be read by the client and used in an XSS attack.
So let us take a look at one of the sites that sets a similar cookie (cookie/http/_asomcnc/14251) to see whether all the sites mentioned share these same flaws. All of them run on nginx servers.
The example website may be insecure: This website is insecure.
91% of the trackers on this site could be protecting you from NSA snooping. Tell blessedlearners.com to fix it.
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
v1%3aXXXXX3498743501667 Twitter guest_id
apis.google.com nid