Flaws in Microsoft, Dell, TBS Sites

Friday, March 9, 2012 @ 04:03 PM gHale


There is a cross-site scripting (XSS) vulnerability in Microsoft’s main site and the official sites of Dell Australia and Turner Broadcasting System (TBS) also have security holes, a security researcher said.

The researcher, named Flexxpoint, discovered the XSS issue in the products page and demonstrated his findings with a simple proof of concept code, according to a report in E Hacking News.

RELATED STORIES
Google Fixes Chrome Vulnerabilities
Mozilla Shuts Vital Security Hole
Google Secures Chrome 17
Chrome Loses SSL Query Capability

If successfully exploited, the vulnerability could allow a hacker with a malicious plan to steal cookies and even launch phishing attacks.

The same expert recently identified a similar weakness in the official site of Ubuntu (Ubuntu.com).

The other vulnerable websites, found by a grey hat named BlitzSec, are also susceptible to XSS attacks.

“Dell…. You should know better than this D: cmmon patch this [expletive] up,” a BlitzSec representative said.

With TBS it’s a bit different. The site’s owners knew it was easy to compromise as TeamHav0k let TBS know it was easy to get through.

Since the website remained unsecured, hackers can perform cookie stealing, XSS Tunnels, and XSS attacks using Metasplot (XSSF).

“TBS you need to implement XSS filters. I was surprised to find this even after TeamHav0k’s XSS find on your site, thought you would have learned. Patch up XSS across your whole site, not just the affected page brought to your attention,” a BlitzSec hacker explained.

Lately, the large number of security holes identified by security experts and hackers in the public websites managed by high-profile companies prove the number of sites completely secure is really low.



Leave a Reply

You must be logged in to post a comment.