Showing posts with label Tunisian Cyber Army. Show all posts

Sunday, March 10, 2013

Pentagon subdomain Vulnerable to XSS flaw found by Tunisian Cyber Army & AQECA

  • Sunday, March 10, 2013
  • Nauman Ashraf

  • Tunisian Cyber Army, together with Al Qaida Electronic Army (AQECA), has found and exploited a Cross-Site Scripting (XSS) vulnerability on an official Pentagon subdomain, the Army National Guard website (https://g1arng.army.pentagon.mil/Pages/Default.aspx). The hackers claimed that Chinese hackers assisted them during their #opBlackSummer. The vulnerability has still not been fixed.

    POC (Proof of Concept) Screenshot:

    The hackers provided a screenshot to The Hackers Post which shows the execution of the vulnerability and the POC (Proof of Concept).

    [#] - Main Site Link:
    https://g1arng.army.pentagon.mil/Pages/Default.aspx
    [#] - Vulnerable Link:
    https://g1arng.army.pentagon.mil/Programs/Pages/Default.aspx?Category="><script>alert("xss by tca and AQECA on pentagon")</script>
    [#] - Vulnerability Type:
    XSS (Cross Site Scripting)
    [#] - Status:
    Not Fixed [Critical]
    [#] - Tested on:
    Firefox 18.0.1

    Cross Site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application-layer hacking techniques. It is listed in the OWASP Top 10 vulnerabilities for 2013. The Hackers Post has written an article, A basic guide to XSS, that gives a basic understanding of Cross Site Scripting.

    According to HackRead, the hackers claimed to have had assistance from Chinese hackers during their #opBlackSummer.
    “Not only that we also have some important file we got after cookies stealing from the pentagon mail added to that there are some Chinese hackers who collaborate with us”.
    This is not the first time a Pentagon server has been vulnerable to an XSS flaw; in the past, Anonymous hackers exploited not only XSS but many other vulnerabilities, which led to the breach of a military server and the leaking of classified secret information online.

    It's quite embarrassing that a Pentagon website is vulnerable to the most common flaw, which exists in one of its subdomains. This raises a question for the Pentagon web security team about how such a common XSS flaw exists on their server.

    Saturday, February 2, 2013

    British Chamber of Commerce Luxembourg Hacked by Tunisian Cyber Army

  • Saturday, February 2, 2013
  • Nauman Ashraf
  • The official website of the British Chamber of Commerce for Luxembourg has been breached, and the information of 900 users has been leaked by the Tunisian Cyber Army. The hackers called this operation #OpMali.

    The hackers announced the sophisticated attack on their official Twitter account.

    Targeted Site:
    http://www.bcc.lu/
    The hackers found a SQL Injection vulnerability on the targeted site, dumped the whole data set, and made it public by posting it on the popular paste site Pastebin.

    According to a document posted by the hackers on Pastebin, [ Message for the British government ]
    Greeting gov of france we are the tunisian cyber army..we are here for justice..No fear No war..his is our dream..for the last few months we was watching you..we follow all your speech about mali and now its our time to talk..you and all those who support attack on mali..will face a cyber war..there is no forgiveness..there is nothing that will stop us..we give you the time to think well..and now is the time for our attack..expect other attack soon..and remember we watch you. we are tunisian cyber army.
    The leaked data posted on Pastebin includes usernames, addresses, phone numbers, emails and plain text passwords from the chamber of commerce and various other major British financial giants such as Barclays Bank and ATC Group.