A Hacker Echelon,TeamHav0k has found a redirection vulnerability in sony official website(sony.net). The vulnerability on sony site can be used for social engineering attacks.
Vulnerable link:
http://www.sony.net/cgi-bin/nph-GO.cgi?url=http://targetsite
By changing the target site URL, an attacker can redirect the innocent users to malicious/phishing websites.
"This vulnerability is a critical one because an attacker could have it redirect to a ripped sony phishing site and personal info will be easily obtained." Hacker said.
Also , they have discovered XSS vulnerability in Sub domain of NASA website. The search box in the spaceplace.nasa.gov found to be vulnerable to XSS attack.
"This was found last week, a hacker by the name of "FastFive" requested the help of one of the TeamHav0k Members in figuring out if this subdomain of NASA was vulnerable to XSS or not, so with a little magic from the teams bag of XSS tricks he pulled it off finding yet another XSS in NASA" The TeamHav0k Spokesman said.
POC:
http://spaceplace.nasa.gov/search/?q=";alert("XSS");"
