
About.com links vulnerable to XSS, XFS iframe attack

The popular site About.com, also known as The About Group, suffers from a high-severity vulnerability that leaves its millions of users under threat. The site, which had recorded 98 million visitors in a month, seems not to care about its users' security.

A security researcher, Wang Jing, disclosed Monday that "at least 99.88%" of all topic links and all domains related to About.com are vulnerable to open XSS (Cross Site Scripting) and Iframe Injection (Cross Frame Scripting, XFS) attacks.

Wang Jing has disclosed massive security loopholes on about.com. He reported the issue on Sunday, Oct 19, 2014, but received no response. Even now, after the public disclosure, he has not received any response, and all the vulnerabilities are still unpatched.

Jing added, 
"Simultaneously, the About.com main page's search field is vulnerable to XSS attacks too. This means all domains related to About.com are vulnerable to XSS attacks."
Because of the critical and large-scale nature of the issue, Jing has made a detailed report and a proof-of-concept video (shown below) of the vulnerability. He wrote his disclosure on his own blog and also on the security blog.
For the Iframe Injection (Cross Frame Scripting, XFS) attack, Jing says that an attacker can use the bug for denial-of-service attacks against other websites. According to Jing, the vulnerabilities can be attacked without user login and work across all the popular browsers.
