Airline, Myspace, Banks, Government websites vulnerable to Hackers

Cross Site Scripting (XSS) is currently the most common vulnerability in the world. This is vulnerability of some host which allows anyone to inject code/scripts into the page. The injected scripts could be html tags, javascript script, vbscript scripts.

A Hacker with virtual name 'Human mind cracker' expose similar vulnerabilities in some big and Important sites, like Israel airline, Myspace, MTV website, Sweden government, Bangladesh bank, Nasa subdomain, Brown University, Afghanistan government website and Rome government website.

In a pastebin note, hacker disclose the vulnerabilities and exact working links. These Cross Site Scripting existence is because of the lack of filtering engines to user inputs at websites, forms and web servers.

Most of the time readers thinks that XSS is a very minor bug and having very less impact. But if implemented in a better way, that can harm all the visitors who will visit infected site.

One of the biggest risk here is to the administrator of such vulnerable sites (that most obvious belongs to government agencies, banking departments, educational administrations) fris upon receiving an email with a script or link that will use the XSS vulnerability on the administrator and will steal his files/data/passwords/cookies.

We know that XSS combined with Social Engineering always perform best for an attacker. Technology is changing, and hacker attacks are getting more sophisticated but with our aim we are keep on trying educate maximum number of people via The Hacker News. Be in touch, Be regular, Be Safe !