BlitzSec hackers disclose some interesting security holes

Mar 1, 2012 12:50 GMT

The newly formed grey hat collective called BlitzSec has published its findings on cross-site scripting (XSS) vulnerabilities in some major websites, including Amazon and the World Health Organization (WHO).

“Felt like getting some of our finds out there in the open. The two most notable finds in this release are XSS's in the main site of Amazon (Amazon.com) and a sub-domain of The World Health Organization (apps.who.int). Expect more! :)” a BlitzSec representative wrote.

It turns out that Amazon.com is affected by the most common web vulnerability there is, XSS; the hackers provided proofs of concept (POCs) showing that the flaws really do exist on both Amazon's and the WHO's websites.

Another site the hacker team found to be vulnerable is that of Kentucky Wesleyan College. BlitzSec also made available POCs highlighting flaws in Music.com, Lyrics.com, and the site of Southeastern Illinois College.

The highly dangerous security holes identified on these sites can be abused for things such as cookie stealing, XSS tunneling, and XSS attacks launched through the Metasploit Cross-Site Scripting Framework (XSSF).

Gallery (3 images): XSS on the site of Kentucky Wesleyan College; XSS on Amazon.com; XSS on the site of WHO.