XSS vulnerability on the SYRIZA official page

Yes XSS on the official page of the ruling party. Following our announcement of the new facility Secleaks offered by SecNews.gr, we received a notice that is worth publishing. The sender of the vulnerability (as you will see in the first picture) is Nyo from the Greek Hacking Scene (GHS) team.

The links of the vulnerability are also available to us, for any interested administrator who wishes to resolve it .

See the images that show the vulnerability:

XSS

For those who do not know:

Με τον όρο Cross-site scripting ή ΧSS αναφερόμαστε στην εκμετάλλευση διάφορων ευπαθειών (vulnerabilities) υπολογιστικών συστημάτων με εισαγωγή κώδικα HTML ή Javascript σε κάποιο site. Κάποιος κακόβουλος χρήστης, θα μπορούσε να εισάγει κώδικα σε έναν ιστοχώρο, μέσω ενός κειμένου εισόδου για παράδειγμα, ο οποίος αφού δεν θα φιλτραριζόταν από τον ιστοχώρο σωστά, θα μπορούσε να προκαλέσει to the administrator or visitor of the target website.

Example:

http://www.example.com/index.html?name=

The malicious user could succeed:

Theft of personal passwords/accounts etc
Change website settings
Theft of cookies
Fake (via, e.g., a link)

Vulnerability refers to the weakness of the system that the site supports to filter and reject any harmful inputs.

SecNews.gr remains at the disposal of any interested party to solve the problem.

XSS definition from .

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).