Cross-site scripting (XSS) on the official page of Digea

Digea Digital Provider S.A. is a company established by the national private TV channels ALPHA, ALTER, ANTENNA, MACEDONIA TV, MEGA, SKAI and STAR.
On February 7, 2014, it was declared the winner for all the rights to use radio frequencies for national and regional coverage. The company's goal was to build the country's terrestrial digital network and complete the transition from analog to digital television.

By the end of 2013 the company had activated 13 broadcast centers, giving access to the free terrestrial digital television signal to more than 70% of the country's population.

With the completion of the terrestrial digital switchover, 156 broadcast centers were activated, covering 95% of the Greek population with a digital signal.

The company's achievements are impressive, but according to our well-known researcher Nyo (GHS), the official Digea website allows users, malicious or not, to carry out cross-site scripting (XSS).

Cross-site scripting, or XSS, refers to the exploitation of various vulnerabilities of computing systems by inserting HTML or JavaScript into a web page. A malicious user could enter code on a web page, through a text input field for example, which, not having been filtered correctly by the page, could cause problems for the site's administrator or visitors.

Example:

http://www.example.com/index.html?name=

The malicious user could:

Capture accounts and personal data
Change website settings
Steal
Display fake ads through a link

This refers to the system's inability to filter and reject any harmful inputs.
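
The filtering failure described above, as an added example that is not part of the original article and is not Digea's code: a page that echoes a name query parameter exactly as received, next to the same page with HTML output encoding. The function names, the template and the probe strings are constructed for illustration.

```javascript
// Added example: a reflected `name` parameter, unfiltered vs. output-encoded.
// Function names, the template and the probe strings are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that change meaning in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the decoded `name` query parameter from a request URL.
function readName(requestUrl) {
  return new URL(requestUrl).searchParams.get('name') ?? '';
}

// Vulnerable: the parameter is copied into the page exactly as received.
function renderUnfiltered(requestUrl) {
  const name = readName(requestUrl);
  return `<p>Hello, ${name}!</p><input name="name" value="${name}">`;
}

// Hardened: same template, with the value encoded at the point of output.
function renderEncoded(requestUrl) {
  const name = escapeHtml(readName(requestUrl));
  return `<p>Hello, ${name}!</p><input name="name" value="${name}">`;
}

// Constructed probes: one for element content, one for a quoted attribute.
const PROBES = ['<script>alert(1)</script>', '" onmouseover="alert(1)'];

// Regression check: return the probes that come back in the page unencoded.
function reflectedRaw(render, probes = PROBES) {
  return probes.filter((probe) => {
    const url = 'http://www.example.com/index.html?name=' + encodeURIComponent(probe);
    return render(url).includes(probe);
  });
}

console.log('unfiltered reflects:', reflectedRaw(renderUnfiltered));
console.log('encoded reflects:   ', reflectedRaw(renderEncoded));
console.log(renderEncoded('http://www.example.com/index.html?name=' + encodeURIComponent(PROBES[0])));
```

A check like reflectedRaw can run in a test suite against every template that echoes request data, so a missing encoding step is caught before release.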

Look at what Nyo sent us.


According to the researcher, he released the XSS as a response to "MEGA - DIGEA threatens with black!"

The video states that “according to the Board of Directors of Digea has decided to proceed with weakening the station's signal despite the fact that negotiations are ongoing between shareholders and banks to find a solution. This means that either a "broken" image with pixels will be displayed, or a "frozen" image and only sound will be heard.”

https://www.youtube.com/watch?v=FCw3mzqefjg

He also says that the XSS was publicized not to support a private channel but to support the end viewer.
The XSS affects the whole page through JavaScript and can deform it completely.

iGuRu.gr is available to anyone interested from the administration of the Digea.gr page for details of the vulnerability.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
