AOH :: ISNQ5728.HTM

Hacker Exposes Unfixed Security Flaws In Pentagon Website




Hacker Exposes Unfixed Security Flaws In Pentagon Website
Hacker Exposes Unfixed Security Flaws In Pentagon Website



http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=222001155 

By Kelly Jackson Higgins
DarkReading
Dec 08, 2009

A Romanian hacker has posted a proof-of-concept attack exploiting 
vulnerabilities on the Pentagon's public Website that were first exposed 
several months ago and remain unfixed.

The hacker, who goes by Ne0h, demonstrated input validation errors in 
the site's Web application that allow an attacker to wage a cross-site 
scripting (XSS) attack. The XSS vulnerability had been previously 
disclosed by at least two other researchers several months ago -- and 
Ne0h's findings show the bug is still on the site.

The site, which is run by the Office of the Assistant Secretary of 
Defense for Public Affairs, is basically a tourist site for the Pentagon 
and doesn't appear to house any sensitive data. But a security 
researcher who studied the Ne0h's work says the Pentagon Website could 
be used to redirect users to a malicious site posing as the Pentagon 
site.

Daniel Kennedy, partner with Praetorian Security Group, says the session 
ID appears to be a tracking cookie, and JavaScript can be injected into 
the page itself to redirect a user to another site, for instance. "Since 
I can pass that page a reference to an external JavaScript, I can do 
most anything I can do in JavaScript," says Kennedy, who blogged about 
the find yesterday. "That includes basic stuff, like crafting a URL to 
send to users that appears to be from the Pentagon, but actually 
redirects to 'evil.org,'" for example, he says. 

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods