Gambit identifies other vulnerable high-profile websites

May 15, 2012 09:44 GMT

A hacker reports that he has uncovered a cross-site scripting (XSS) vulnerability on military.com, a military organization with more than 10 million members. The same security expert identified an XSS and a redirect flaw on a subdomain of the US Department of Defense (dod.mil).

According to the hacker, Gambit, the XSS security holes are not persistent, but that doesn’t mean they're not dangerous. To prove his findings, he provided screenshots of the vulnerabilities in action.

The redirect weakness present on the website of the DOD can’t be demonstrated with a screenshot, but Gambit has provided us with a proof of concept which we have been able to verify.

Because the vulnerabilities haven’t been patched yet, we will not be providing a link to the proof of concept (POC) the hacker posted on Pastebin.

“Well I don't report to government sites, I do hope that they at least patch their systems,” he wrote next to the POC.

Screenshots (2 images): XSS bug on military.com; XSS bug on dod.mil