Follow Us on WhatsApp | Telegram | Google News links vulnerable to XSS, XFS iframe attack

Table of Contents
Popular site for also known as The About Group is been suffered from the highly severity vulnerability and lefts its millions of users under threats. Site which had recorded 98 million visitors in a month, seems that it doesn't care about its users security.

A security researcher, Wang Jing, disclosed Monday that "at least 99.88%" of all topic links and all domains related to are vulnerable to open XSS (Cross Site Scripting) and Iframe Injection (Cross Frame Scripting, XFS) attacks.

Wang Jing have disclosed a massive security loopholes on and he had reported the issue on Sunday, Oct 19, 2014 but Jing received no response. Untill now after the public disclosure he had not received any response and all the vulnerability is still unpatched.

Jing added, 
"Simultaneously, the main page's search field is vulnerable to XSS attacks too. This means all domains related to are vulnerable to XSS attacks."
Because of critical and large scale nature of issue, Jing have made a detailed report and proof-of-concepts video (Shown below) of the vulnerability. He wrote his disclosure on his own blog and also on the security blog.
For  Iframe Injection (Cross Frame Scripting, XFS) attack, Jing says that attacker can used the bug for Denial of service attack against other websites.  According to Jing, the vulnerabilities can be attacked without user login and work across all the popular browsers.
Read Also
Post a Comment