TeamHav0k continues to find XSS flaws in important sites

Feb 13, 2012 20:41 GMT

Members of TeamHav0k identified another series of cross-site scripting (XSS) vulnerabilities in high-profile websites, including Oracle.com, FCC.gov and NFL.com.

While in the case of the Federal Communications Commission (FCC) and the National Football League (NFL) the security holes were present on subdomains, in the case of Oracle the weakness was discovered on the official site’s main domain.

The hackers took screenshots and published proof-of-concept information on Pastebin to help the administrators patch the flaws.

The three sites are part of Op XSS, an operation launched by the hackers to prove that many major websites contain serious vulnerabilities that could be easily taken advantage of by cybercriminals.

TeamHav0k also got involved in the cyberwar between Indian and Bangladeshi hackers. They hacked a couple of major sites owned by the government of Bangladesh, but they stated that some Indian sites would follow.

[Images: XSS in Oracle website; XSS in NFL website; XSS in FCC website]