[Owasp-ibwas09] Is there a IBWAS play?

Lorna Alamri lorna.alamri at owasp.org
Wed Jan 6 15:58:29 EST 2010


January 5, SC Magazine – (International) Cross-site scripting
vulnerabilities see two political websites hacked. Political websites were
hacked January 5, leaving leaders embarrassed. A report on BBC News said
that visitors to Spain’s EU presidency website were greeted by an image of
comedy character instead of the Spanish Prime Minister. The government said
that the site - www.eu2010.es - had not been attacked and that a hacker had
taken a screenshot of the homepage to make a photo montage using a
cross-site scripting (XSS) vulnerability. A senior security advisor at Trend
Micro, said that the compromise only lasted a few hours until the original
content was restored and site administrators were reportedly working on a
fix. He said: “In this instance there does not appear to have been any
malicious intent, but the dangers of XSS vulnerabilities should not be
underestimated. Cross-site scripting vulnerabilities allow attackers to
inject code into innocent web pages in which it would not otherwise appear.
The security expert also flagged a compromise on the official website of the
president of Iran. Source:
http://www.scmagazineuk.com/cross-site-scripting-vulnerabilities-see-twopolitical-websites-hacked/article/160597/


-- 
Lorna Alamri

OWASP Connections
skype: lorna.alamri
lorna.alamri at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-ibwas09/attachments/20100106/064127de/attachment.html 


More information about the Owasp-ibwas09 mailing list