Hackers Find Global XSS Flaws

Friday, February 24, 2012 @ 10:02 AM gHale

Operation XSS, an operation launched by hackers from TeamHav0k, found cross-site scripting vulnerabilities in the official websites of governments from all over the world, including the United Kingdom, France, Brazil and the United States.

“Well here are some XSS’s from around the world! We have them on the French, United Kingdom and the United States (Cali) governments. Shout out to: Pi, Zer0Pwn, SquirmyBeast, Kobez, Mobil3_xT You guys are all awesome and have all helped me out in the past 🙂 thanks guys,” the hackers wrote in a Pastebin post.


Besides their statement, the post also contained a proof of concept showing that the site of France’s Ministry of Agriculture, Food, Fishing, Rural and Regional Development (agriculture.gouv.fr) contains a major XSS flaw that an attacker could use to take over an unsuspecting user’s session.

A similar vulnerability was on the official site dedicated by the French government to outdoor sports (sportsdenature.gouv.fr).

Moving on to the Brazilian government, the hackers discovered an XSS flaw that affects the website managed by the country’s National Agency for Electrical Energy (aneel.gov.br).

The domains owned by the Newport City Council (newport.gov.uk) and the Marine Accident Investigation Branch (maib.gov.uk) from the United Kingdom are on the list of potential victims.

A U.S. site listed as insecure belongs to the California Department of Pesticide Regulation (calpip.cdpr.ca.gov), the organization in charge of monitoring the use of pesticides and their effects on public safety.
