Jump to content
Fi8sVrs

Hackers infect Pentagon admin by exploiting XSS vulnerability

Recommended Posts

  • Active Members
Posted

Recently, EHN received a news report from Tunisian Cyber Army and Al Qaida Electronic Army in which the hackers claimed to have infected the Pentagon administrator, as part of their on going operation called "#opBlackSummer".

The attack was happened after hackers identified a reflected cross site scripting(XSS) vulnerability in one of the sub domain of Pentagon (g1arng.army.pentagon.mil).

POC:

g1arng.army.pentagon.mil/Programs/Pages/Default.aspx?Category="><script>alert("xss by tca and AQECA on pentagon")</script>

xss-vulnerability-in-pentagon.jpg

The hacker managed to exploit this vulnerability for sending malicious payload to the admin of Pentagon. Hackers claims that they got success in infecting them.

Hackers said they compromised some important file and steal cookies from the pentagon mail. The security breach was done with collaboration with Chinese hackers.

At the time of writing, the vulnerability is not fixed. If the TCA claim is true, then this one will be the best example that demonstrate the severity of simple reflected xss. Yesterday, i have sent notification to Pentagon team about the vulnerability but there is no response from them.

In another mail, the team said the have hacked the state.gov with SQL injection vulnerability.

Source: Hackers infect Pentagon admin by exploiting XSS vulnerability | Hacking News | Security updates

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...