If you find a security hole, please let us know at firstname.lastname@example.org. We try to respond (with fixes!) as soon as possible, and we really appreciate the help. The following security holes in Hindu Media Wiki were discovered and responsibly disclosed (the list keeps updating):
Various show-stopper bugs were hunted by Primordial Kāshyap; many are fixed, and at least one will remain in progress!
MD5 decrypting was working with some salt; this is fixed.
XSS was checked throughout the site and was fixed in chat.
A form-handling bug led to an XSS vulnerability using HTTP parameter pollution.
The "Edit the story" forms were vulnerable to reflected XSS when provided with malformed query string arguments.
Cookie forging has been tested and fixed with an HTTPS certificate.
SSL pinning has been implemented to prevent network sniffing activities.
First-time posts without manual login were taking the wrong user ID from the session. Thanks to The Narrator for hunting this :)
On 16/09/2020, Vedic Vyasa informed us in great detail about leaking folder access and saved us from big security threats to the developing part of the wiki application. Indeed, a big thank you :)
On 17/03/2021, Swapnil Talele described many vulnerabilities in his HinduMediaWiki VAPT Report. Most of them are solved and many are being solved. Thanks a lot to him :)
Our Twitter thumbnail image is made with awesome devotion and detailing. Thanks to Jyothi for this beautiful gift :)
Hindu Media Wiki is a resource-sharing and discussion site for followers of the Hindu religion and those interested in learning more about Hinduism.