A Romanian hacker has posted a
proof-of-concept attack exploiting vulnerabilities on
the Pentagon’s public Website that were first exposed
several months ago and remain unfixed.
The hacker, who goes by Ne0h, demonstrated input
validation errors in the site’s Web application that
allow an attacker to wage a cross-site scripting (XSS)
attack. The XSS vulnerability had been previously
disclosed by at least two
other researchers several months ago — and Ne0h’s
findings show the bug is still on the site.