-
April 14th, 2008, 09:32 PM
#1
CIA.gov - Deliciously XSS Hackable
Some cross-site scripting fun from our friends in the intelligence gathering biz...
Look Ma, I'm on CIA.gov - Threat Level, Wired Blogs
In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable it in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hackers create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code.
Most are run-of-the-mill and hardly worth writing about, but reader HS writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist.
Be sure to override your browser's XSS protection to view the example.
-
April 14th, 2008, 09:41 PM
#2
OMG!.................. my little nephew was on their site only a few days ago............ hmmm.......... he then went to the FBI site
Hell, a pity I didn't think that he might be interested in the IRS
-
April 14th, 2008, 10:01 PM
#3
That is delicious!
This is a great demo for showing the boss/bosses. Nothing like having a tangible example to show in real life.
Tachyon
|-----|Alcohol is my anti-drug |-----|
-
April 14th, 2008, 10:44 PM
#4
Agreed Tachyon...
Pretty benign in this example, but it's a GREAT way to get those doubters to pay attention.
-
April 15th, 2008, 01:20 AM
#5
Some cross-site scripting fun from our friends in the intelligence gathering biz...
Look Ma, I'm on CIA.gov
Be sure to override your browser's XSS protection to view the example.
I don't understand. Is this correct ---> There is a vulnerability on the www.cia.gov website? Yes or no? I've had a few drinks this evening so I am a little slow (just be honest here) and question #2:
See what's in bold, phernandez. How do I override my browser's XSS protection to view the example? I just want to see the example; judging by nihil's reply it must be good. If this seems like a stupid question it probably is, however I CAN'T COMPREHEND IT at this moment. Care to explain? All help is greatly appreciated. BTW, keep posting this stuff you find, very interesting reads indeed. cn22 peace
ps what is pony is cute?
Last edited by Computernerd22; April 15th, 2008 at 01:24 AM.
-
April 15th, 2008, 11:58 AM
#6
Nice. It took me a second to figure out what was going on, I'm still working on my first cup of coffee.
Who's got the Cute Pony?
Mad Beaver
-
April 15th, 2008, 02:02 PM
#7
22,
IE7 (in my case) will give you a warning, just click through. NoScript on Firefox wouldn't allow me without disabling it.
In short, it displays the Wired story with the CIA.gov's URL string. Looks obvious in that example, but imagine if someone bothered to craft something a little more official looking...
Oh, and ponies... not cute: http://youtube.com/watch?v=u-prMb6BdNs