Search This Blog

Powered by Blogger.

Blog Archive

Labels

Hackers infect Pentagon admin by exploiting XSS vulnerability

Tunisian Cyber Army and Al Qaida Electronic Army hackers claimed to have infected the Pentagon administrator with xss vulnerability
Recently, EHN received a news report from Tunisian Cyber Army and Al Qaida Electronic Army in which the hackers claimed to have infected the Pentagon administrator, as part of their on going operation called "#opBlackSummer".

The attack was happened after hackers identified a reflected cross site scripting(XSS) vulnerability in one of the sub domain of Pentagon (g1arng.army.pentagon.mil).

POC:
g1arng.army.pentagon.mil/Programs/Pages/Default.aspx?Category="><script>alert("xss by tca and AQECA on pentagon")</script>

xss vulnerability

The hacker managed to exploit this vulnerability for sending malicious payload to the admin of Pentagon. Hackers claims that they got success in infecting them.

Hackers said they compromised  some important file and steal cookies from the pentagon mail. The security breach was done with collaboration with Chinese hackers.

At the time of writing, the vulnerability is not fixed. If the TCA claim is true, then this one will be the best example that demonstrate the severity of simple reflected xss. Yesterday, i have sent notification to Pentagon team about the vulnerability but there is no response from them.

In another mail, the team said the have hacked the state.gov with SQL injection vulnerability. 
Share it:

Breaking News

Cyber Security News

hacker news

opBlackSummer

Reflected xss vulnerability

Tunisian cyber army

XSS Vulnerability