Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Home XSS Vulnerability in weather.CNN.com
Vulnerability Web Application Vulnerability XSS Vulnerability Zer0Lulz

XSS Vulnerability in weather.CNN.com

Wednesday, March 14, 2012

Hacker known as Zer0Pwn, from Zer0Lulz , come with more vulnerability in CNN website.  Today, he found Cross Site Scripting vulnerability in weather.cnn.com website.

The map.jsp page in the weather.cnn.com allows an attacker to run his own javascript code.  An attacker can use this vulnerability for hijacking cookies, phishing attack.    

Poc:
weather.cnn.com/weather/maps.jsp?region=na&mapview=sat%22%3E%3C/Zer0Lulz%3E%27-/%22/-%3Cimg%20src=%22LULZ%22%20%22%3E%3Cbody%20onmouseover=alert(%22XSS%22);%3E
Yesterday, Hacker found Remote File Inclusion(RFI) vulnerability in CNN website.



Tags: Vulnerability Web Application Vulnerability XSS Vulnerability Zer0Lulz
Share it:

Vulnerability

Web Application Vulnerability

XSS Vulnerability

Zer0Lulz