Cross-site scripting (XSS) on the official page of Digea

Digea Digital Provider SA is a company set up by private national television channels ALPHA, ALTER, ANTENNA, MACEDONIA TV, MEGA, SKAI and STAR.
On 7 February 2014 it was named the successful bidder for all rights to use national and regional coverage radio frequencies. The company's goal was to build the country's digital terrestrial network and complete the transition from analogue to digital television.

By the end of 2013, the company had activated 13 broadcast centers across Greece, giving over 70% of the country's population access to the free digital terrestrial television signal.

With the completion of the terrestrial digital switchover, 156 broadcast centers were activated, covering 95% of the Greek population with a digital signal.

The company's achievements are truly impressive, but according to our well-known researcher Nyo (GHS), the official website of Digea is open to cross-site scripting (XSS) by any user, malicious or not.

The term cross-site scripting (XSS) refers to the exploitation of various vulnerabilities of computer systems by injecting HTML or JavaScript code into a web page. A malicious user could insert code into a web page, through a text input for example, and since the page would not filter it properly, it could cause problems for the site administrator or visitor.

Example:

http://www.example.com/index.html?name=

The malicious user could:

Capture accounts and personal data
Change website settings
Steal cookies
To upload false , through some link

The vulnerability lies in the system's inability to filter and reject harmful input.
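
As an added illustration (not code from the article or from the affected site), the code below reflects the `name` parameter from the example URL into a page, once without output encoding and once with it. The function names, the greeting markup and the sample request are constructed assumptions.

```javascript
// Added illustration: a page that reflects the `name` query parameter,
// first without output encoding, then with it. All names are hypothetical.

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  // Single pass, so an already-inserted '&amp;' is never encoded twice.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Pull `name` from a request URL; a missing parameter falls back to a default.
function getName(requestUrl) {
  const name = new URL(requestUrl).searchParams.get('name');
  return name === null ? 'guest' : name;
}

// Vulnerable: the parameter is concatenated into markup as-is, so any tags
// it contains become part of the page the visitor's browser parses.
function renderUnsafe(requestUrl) {
  return `<p>Hello, ${getName(requestUrl)}!</p>`;
}

// Hardened: the parameter is encoded for the HTML context it lands in,
// so the browser displays it as text instead of parsing it as markup.
function renderSafe(requestUrl) {
  return `<p>Hello, ${escapeHtml(getName(requestUrl))}!</p>`;
}

// Constructed sample request (not taken from the article or the affected site).
const SAMPLE_URL =
  'http://www.example.com/index.html?name=' +
  encodeURIComponent('<script>alert(1)</script>');

console.log('unsafe:', renderUnsafe(SAMPLE_URL));
console.log('safe:  ', renderSafe(SAMPLE_URL));
```

Encoding at output time, for the context the value lands in, is what keeps the reflected parameter inert; the encoder above covers HTML text and quoted attribute values only, not script or URL contexts.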

Check out the screenshots that Nyo sent us


According to the researcher, he published the XSS in response to the video "MEGA - DIGEA threatens with black!"

The video states that "according to information, the Board of Directors of Digea has decided to weaken the station's signal despite the fact that negotiations are underway between shareholders and banks to find a solution. This means that either a "broken" image will be displayed with , or a "frozen" image and only sound is heard."

https://www.youtube.com/watch?v=FCw3mzqefjg

He also says that the XSS was publicized not to support a private channel but to support the end viewer.
The XSS affects the whole page through JavaScript and can deform it completely.

SecNews.gr is available to anyone from the Digea.gr management team for details of the vulnerability.


Written by Dimitris
