Follow Cyber Kendra on Google News! | WhatsApp | Telegram

About.com links vulnerable to XSS, XFS iframe attack

About.com links vulnerable to XSS, XFS iframe attack, About Group All Topics (At least 99.88% links) Vulnerable, Over 99 percent of About.com links vulnerable to XSS, XFS, More news for About.com links vulnerable to XSS, XFS iframe attack, hacking websites, researcher vulnerability reports, reports the vulnerability, cyber security experts, information security updates
Popular site for About.com also known as The About Group is been suffered from the highly severity vulnerability and lefts its millions of users under threats. Site which had recorded 98 million visitors in a month, seems that it doesn't care about its users security.

A security researcher, Wang Jing, disclosed Monday that "at least 99.88%" of all topic links and all domains related to About.com are vulnerable to open XSS (Cross Site Scripting) and Iframe Injection (Cross Frame Scripting, XFS) attacks.

Wang Jing have disclosed a massive security loopholes on about.com and he had reported the issue on Sunday, Oct 19, 2014 but Jing received no response. Untill now after the public disclosure he had not received any response and all the vulnerability is still unpatched.

Jing added, 
"Simultaneously, the About.com main page's search field is vulnerable to XSS attacks too. This means all domains related to About.com are vulnerable to XSS attacks."
Because of critical and large scale nature of issue, Jing have made a detailed report and proof-of-concepts video (Shown below) of the vulnerability. He wrote his disclosure on his own blog and also on the security blog.
For  Iframe Injection (Cross Frame Scripting, XFS) attack, Jing says that attacker can used the bug for Denial of service attack against other websites.  According to Jing, the vulnerabilities can be attacked without user login and work across all the popular browsers.

Post a Comment