Hacking group "Zer0Lulz" find a Reflected XSS vulnerability in weather.aol.com website. Zer0Pwn (Leader of Zer0Lulz) did a quick XSS pentest on AOL.com. The rumours are true, security is only an illusion.
Reflected XSS is not a critical Vulnerability but it can be used in Social engineering attack. For instance, it may used to steal cookies.
Vulnerability Details:
- Vulnerable Site: weather.aol.com
- Vulnerabilties: Reflected XSS
- Vulnerability found by: Zer0Pwn, leader of Zer0Lulz.
- Vulnerable link:
http://weather.aol.com/search-results/"><img src="XSS_By_Zer0Lulz" onerror=alert("XSS_By_Zer0Lulz");>
