CIA.gov XSS | Threat Level

ubernoir
Topic: Technology 6:47 pm EDT, Apr 18, 2008

In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable it in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hackers create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code.

Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist.

For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but display a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.

This story went up at 3:26pm, and it's still working at 8:45pm.

This would be great for a prank form...

Update: This is still working today. So much for fast response. Here is the obligatory memestreams @ cia.gov link.
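
The search-box failure described above comes down to a query string being echoed into the results page without output encoding. The sketch below is an added example, not part of the original post and not CIA.gov's code; the function names and sample queries are constructed for illustration, and it contrasts an unencoded template with one that encodes the query in both places it is reflected.

```javascript
// Added illustration of a search page that echoes the visitor's query.
// Every name here (escapeHtml, renderUnsafe, renderSafe, ...) is hypothetical.

// Encode the five characters that can change how the browser parses HTML.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// BEFORE: the query is pasted in as-is, so any markup it carries is parsed
// as part of the site's own page.
function renderUnsafe(query) {
  return '<form><input name="q" value="' + query + '"></form>' +
         '<p>Results for: ' + query + '</p>';
}

// AFTER: the query is encoded at output time in both reflection points
// (attribute value and element text), so it can only display as text.
function renderSafe(query) {
  const q = escapeHtml(query);
  return '<form><input name="q" value="' + q + '"></form>' +
         '<p>Results for: ' + q + '</p>';
}

// Defence in depth: a response header that refuses inline script even if
// an encoding call is missed somewhere in the template.
const CSP_HEADER = ['Content-Security-Policy',
                    "default-src 'self'; script-src 'self'; object-src 'none'"];

// Reduce a page to its tag and attribute names, dropping attribute values.
function structureOf(html) {
  return (html.match(/<[^>]*>/g) || [])
    .map((tag) => tag.replace(/="[^"]*"/g, ''))
    .join('');
}

// True when the query altered the page's markup instead of staying text.
function changesStructure(render, query) {
  return structureOf(render(query)) !== structureOf(render(''));
}

// Constructed sample queries: plain text, a tag, and an attribute breakout.
const SAMPLES = ['world factbook', '<b>bold</b>', '" title="injected'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), 'unsafe:', changesStructure(renderUnsafe, s),
              'safe:', changesStructure(renderSafe, s));
}
```

The third sample is why quotes are encoded as well as angle brackets: a query reflected into the search box's `value` attribute can leave the attribute without ever using a tag.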
