Search This Blog

Powered by Blogger.

Blog Archive

Labels

XSS Vulnerability in weather.CNN.com


Hacker known as Zer0Pwn, from Zer0Lulz , come with more vulnerability in CNN website.  Today, he found Cross Site Scripting vulnerability in weather.cnn.com website.

The map.jsp page in the weather.cnn.com allows an attacker to run his own javascript code.  An attacker can use this vulnerability for hijacking cookies, phishing attack.    

Poc:
weather.cnn.com/weather/maps.jsp?region=na&mapview=sat%22%3E%3C/Zer0Lulz%3E%27-/%22/-%3Cimg%20src=%22LULZ%22%20%22%3E%3Cbody%20onmouseover=alert(%22XSS%22);%3E
Yesterday, Hacker found Remote File Inclusion(RFI) vulnerability in CNN website.



Share it:

Vulnerability

Web Application Vulnerability

XSS Vulnerability

Zer0Lulz