CYBER NEWS

75% of the Websites on Weather.com Vulnerable to Cross-Site Scripting Attacks

An application vulnerability on the official website of The Weather Channel, which exposed almost all links to cross-site scripting attacks, has recently been addressed.

The discovery that over 75% of the websites on Weather.com were vulnerable was made by Wang Jin, a student at the Nanyang Technological University in Singapore.

In order to execute a script, the attacker simply has to add it at the end of the URL of The Weather Channel, explains Wang.

The findings made by the student were posted on the Full Disclosure forum. He stated that he used a custom tool to test numerous links on weather.com, and even posted a video of an attack.

According to the Open Web Application Security Project, cross-site scripting is ranked third among the most common types of web application flaws in the past year. Such vulnerabilities appear when untrusted data is accepted by the application and sent to a web browser without being validated.

Cross-site scripting allows cyber criminals to execute script in the browser of the victim, capable of hijacking user sessions, redirecting the computer user to corrupted websites or defacing web pages.

Wang reported that the attack worked without a user being logged in. For his test attack, he used IE 9.0.15 on Windows 7 and Firefox 26 on Ubuntu 12.04.
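The flaw class described above (request data echoed into the page without validation), shown as an added example that is not from Wang's report or from The Weather Channel's code: a hypothetical template reflects the request path into the HTML, first unchanged and then with output encoding. The function names, paths and sample requests are assumptions constructed for illustration.

```javascript
// Added example: hypothetical page template that echoes the request path
// back into the HTML (a "share this page" box and a heading line).

// Encode the characters that can break out of HTML text or a quoted
// attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the decoded path is concatenated into markup unchanged.
function renderUnsafe(rawPath) {
  const path = decodeURIComponent(rawPath);
  return `<input readonly value="${path}"><p>Forecast for ${path}</p>`;
}

// Hardened form: same template, every reflection is HTML-encoded.
function renderSafe(rawPath) {
  let path;
  try {
    path = decodeURIComponent(rawPath);
  } catch {
    path = '/'; // malformed percent-encoding: fall back to a fixed value
  }
  return `<input readonly value="${escapeHtml(path)}">` +
         `<p>Forecast for ${escapeHtml(path)}</p>`;
}

// Check used by the test: does the markup contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample requests (not taken from the report).
const benignPath = '/weather/today/singapore';
const taintedPath = '/weather/today/singapore%22%3E%3Cscript%3Eprobe()%3C/script%3E';

console.log(containsScriptTag(renderUnsafe(taintedPath)));
console.log(containsScriptTag(renderSafe(taintedPath)));
```

Encoding at the point of output leaves ordinary paths rendering identically, so the fix can be applied to every reflection in a template without changing normal pages.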


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyber space. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
