Alexander Fuchs and Benjamin Kunz Mejri from the Vulnerability Research Laboratory discovered a persistent script code injection vulnerability in the White House's official website.
The vulnerability, rated as a high security risk, affected the site's petition system. A successful exploitation of the weakness could have allowed an attacker to inject a malicious code, which may have led to things such as backend session hijacking, manipulation of profile content or defacement.
“The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system,” Fuchs said, according to
The Hacker News.
Fortunately, the issue was handled in a matter of days but after the latest
incidents it turns out that the White House should really improve on their security before cybercriminals discover some other flaws.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
