Hackers from TeamHav0k have returned with more cross-site scripting (XSS) vulnerabilities that they found in some major sites. This time the XSS flaws were identified on subdomains of the websites owned by the US Department of Defense, Tricare (the site of the health organization dedicated to uniformed service members), and the official website of the US Army.
The hackers provided us with a Pastebin document to prove their findings, but they asked us not to publish the proof-of-concept.
Members of TeamHav0k have been highly active lately when it comes to finding XSS security holes in high-profile websites.
NASA, US government organizations and a long list of university websites were all identified by the hackers as containing these flaws.
For the time being, the hackers publish PoCs only to help administrators patch up the security of their sites, but they claim that at any minute they may turn to the dark side of hacking.