A cybercriminal could use the flaws to execute arbitrary code

Nov 28, 2011 07:54 GMT
Nepal Information and Communications Ministry vulnerable to cross-site scripting attack

The official website of Nepal's Information and Communications Ministry was found to contain two major vulnerabilities that could allow a hacker to run a piece of arbitrary code.

Team Elite, the group that discovered the cross-site scripting and iframe injection flaws, has already notified the institution to make sure the holes are patched as soon as possible.

The weak section is the contact page. The form it contains accepts strings that represent a script or an iframe, which could permit an attacker to execute his own malicious code.

The disclosure was made on November 27, but at the time of writing the vulnerability remains present. Hopefully, the website's administrators will act quickly to resolve the issue and avoid any unfortunate situations.
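The contact-form flaw described above comes down to form values being written back into a page without output encoding. The following is an added example, not code from the affected site or from Team Elite: it assumes a hypothetical confirmation page, renders constructed sample submissions with and without encoding, and parses the result to check whether a script or iframe element was created.

```python
import html
from html.parser import HTMLParser

# Constructed sample submissions (not taken from the affected site).
SAMPLES = {
    "plain": "Hello, please call me back.",
    "script": "<script>alert(1)</script>",
    "iframe": '<iframe src="https://example.invalid/"></iframe>',
}

def render_unsafe(name, message):
    # Flawed pattern: form values are concatenated into the page as-is.
    return f"<div class='confirm'><p>Thanks, {name}.</p><p>{message}</p></div>"

def render_safe(name, message):
    # Fix: HTML-encode every user-supplied value at output time.
    return ("<div class='confirm'><p>Thanks, " + html.escape(name, quote=True)
            + ".</p><p>" + html.escape(message, quote=True) + "</p></div>")

class ActiveTagFinder(HTMLParser):
    """Collects elements that a confirmation page should never contain."""
    FORBIDDEN = {"script", "iframe", "object", "embed"}

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in self.FORBIDDEN:
            self.found.append(tag)

def active_tags(page):
    finder = ActiveTagFinder()
    finder.feed(page)
    finder.close()
    return finder.found

def audit(render):
    # Map each sample to the forbidden elements its rendered page contains.
    return {label: active_tags(render("visitor", value))
            for label, value in SAMPLES.items()}

if __name__ == "__main__":
    print("unsafe:", audit(render_unsafe))
    print("safe:  ", audit(render_safe))
```

The same `audit` check can serve as a regression test after a fix: any non-empty list means user input still reaches the page as markup.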