A Romanian hacker has posted a
proof-of-concept attack exploiting vulnerabilities on
the Pentagon’s public Website that were first exposed
several months ago and remain unfixed.

The hacker, who goes by Ne0h, demonstrated input
validation errors in the site’s Web application that
allow an attacker to wage a cross-site scripting (XSS)
attack. The XSS vulnerability had been previously
disclosed by at least two

other researchers
several months ago — and Ne0h’s
findings show the bug is still on the site.

Теги:

Оставить мнение

Check Also

Пространство для эксплуатации. Как работает новая RCE-уязвимость в Apache Struts 2

Во фреймворке Apache Struts 2, виновном в утечке данных у Equifax, нашли очередную дыру. О…