Indian security researcher Shadab Siddiqui has discovered multiple vulnerabilities in the official website of Honeywell (honeywell.com), including XSS, iframe injection and an image-upload vulnerability.
Honeywell is a Fortune 100 Company with a workforce of approximately 130,000, of whom approximately 58,000 are employed in the United States. The company is headquartered in Morristown, New Jersey.
“Using iframe injection, an attacker can inject advertisements inside any other websites, insert malware-infected site links, redirect to malware-infected sites and more. Malware attackers use this iframe and include the malware websites,” Softpedia quoted Siddiqui as saying.
“They are able to include the webpage one pixel square (you won't be able to see it in the webpage). They obfuscate the JavaScript that will run automatically from that included page so that it looks something like '6C framebo', leaving no obvious clue that it's malicious.”
“Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages,” he explained.
He also pointed out that an attacker could rely on the XSS vulnerabilities to perform clickjacking.
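The two issues described above, injected one-pixel or CSS-hidden iframes and pages that can be framed for clickjacking, can both be checked for from the defender's side. The following is an added example, not code from the article or from Honeywell: it parses a constructed sample page for hidden or third-party iframes against a hypothetical host allowlist, and checks whether a response's headers (X-Frame-Options, CSP frame-ancestors) still permit arbitrary framing.

```python
"""Flag hidden/injected iframes in HTML and detect missing anti-framing headers."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate embed, one 1x1 injected frame, one CSS-hidden frame.
SAMPLE_HTML = """
<html><body><h1>Corporate site</h1>
<iframe src="https://www.example-trusted.com/video" width="640" height="360"></iframe>
<iframe src="http://attacker.invalid/m.html" width="1" height="1"></iframe>
<iframe src="http://attacker.invalid/c.html" style="display: none"></iframe>
</body></html>
"""

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def _is_tiny(value):
    """True for width/height of 0 or 1 pixels ("1", "1px", "0"); the 1x1 trick from the article."""
    m = re.match(r"^\s*(\d+)\s*(px)?\s*$", value)
    return bool(m) and int(m.group(1)) <= 1

def find_suspicious_iframes(html, allowed_hosts):
    """Return (src, reasons) for iframes that are hidden or load from a host outside the allowlist."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        style = attrs.get("style", "").replace(" ", "").lower()
        reasons = []
        if _is_tiny(attrs.get("width", "")) and _is_tiny(attrs.get("height", "")):
            reasons.append("1x1-or-smaller")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        host = (urlparse(src).hostname or "").lower()
        if host and host not in allowed_hosts:
            reasons.append("untrusted-host:" + host)
        if reasons:
            findings.append((src, reasons))
    return findings

def framing_allowed_by_headers(headers):
    """True if the response can be framed by any site (clickjacking risk): no X-Frame-Options
    DENY/SAMEORIGIN and no restrictive CSP frame-ancestors directive."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return False
    m = re.search(r"frame-ancestors\s+([^;]+)", h.get("content-security-policy", ""), re.I)
    return not (m and m.group(1).strip() != "*")
```

Running `find_suspicious_iframes(SAMPLE_HTML, {"www.example-trusted.com"})` flags only the two attacker frames, and `framing_allowed_by_headers({})` returns True, which is the state to fix on the server.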
In the past, the researcher discovered vulnerabilities in redhat.com, pinterest.com, alshaya.com and the popular Indian search engine Guruji.