Recently, Ethical Hackers News received a news report from Tunisian Cyber Army and Al Qaida Electronic Army in which the hackers claimed to have infected the Pentagon administrator, as part of their on going operation called "#opBlackSummer". The attack was happened after hackers identified a reflected cross site scripting(XSS) vulnerability in one of the sub domain of Pentagon (g1arng.army.pentagon.mil). The hacker managed to exploit this vulnerability for sending malicious payload to the admin of Pentagon. Hackers claims that they got success in infecting them. Hackers said they compromised some important file and steal cookies from the pentagon mail. The security breach was done with collaboration with Chinese hackers.
At the time of writing, the vulnerability is not fixed. If the TCA claim is true, then this one will be the best example that demonstrate the severity of simple reflected xss. In another mail, the team said the have hacked the state.gov with SQL injection vulnerability.
No comments:
Post a Comment