CIA temptations
Written by MK23_Sysop   
Saturday, 06 March 2010

 

SOURCE.

In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable it in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hackers create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code.

Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist.

For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but display a recent THREAT LEVEL story. Here the CIA search box fails to strip out characters that will run as a script when the site tries to process the search query.

It's a pretty common error. Recently, spammers found a similar bug in Wired.com's search engine and used it to drive up their sites' placement in search engines. Dancho Danchev kindly reported it to us and it's since been fixed.
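The search-box flaw described above, shown as an added example that is not code from the original article or from either site: a results page that echoes the query raw, the same page with output encoding, and a regression check that tells them apart. All function names, the search.example URL and the sample query are constructed for illustration.

```javascript
// Added illustration: a search-results renderer that reflects the query.
// All names and the sample query below are constructed for this example.

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query string is pasted into the page as-is.
function renderResultsUnsafe(query) {
  return `<h1>Search results for ${query}</h1>` +
         `<input name="q" value="${query}">`;
}

// Hardened: the query is encoded on output, in text and attribute context.
function renderResultsSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Search results for ${q}</h1>` +
         `<input name="q" value="${q}">`;
}

// Regression check: is a query containing markup echoed back unencoded?
function reflectsRawMarkup(render, query) {
  const page = render(query);
  return /[<>"']/.test(query) && page.includes(query);
}

// Extract the query the way a server would see it from a link's ?q= parameter.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Constructed sample link carrying markup in the search parameter.
const sampleLink = 'https://search.example/results?q=' +
  encodeURIComponent('"><script>/* constructed marker */</script>');
const sampleQuery = queryFromUrl(sampleLink);
console.log('unsafe reflects raw markup:', reflectsRawMarkup(renderResultsUnsafe, sampleQuery));
console.log('safe reflects raw markup:  ', reflectsRawMarkup(renderResultsSafe, sampleQuery));
console.log(renderResultsSafe(sampleQuery));
```

A check like reflectsRawMarkup can run in a test suite against every handler that echoes request parameters, so a template change that drops the encoding fails the build.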

Still, I am now tempted to add the CIA to the list of media outlets I have written for. And HS's other demo link is pretty funny, as well. Sintonen has a list of other vulns he found here (.txt).

And, by the way, this little hack does not work if you are using Firefox along with the NoScript plug-in.

 
© 2012 Nexus23 Labs