XSS vulnerability on the SYRIZA official page

Yes XSS on the official page of the ruling party. Following our announcement of the new facility Secleaks offered by .gr, λάβαμε μια ειδοποίηση που αξίζει να δημοσιεύσουμε. Αποστολέας της ευπάθειας (όπως θα δείτε και στην πρώτη εικόνα) είναι ο Nyo από την Greek Hacking Scene (GHS).

We also have the vulnerability links available to any interested manager who wants to resolve the issue.

See the images that show the vulnerability:

XSS

For those who do not know:

By the term Cross-site scripting or XSS we refer to the exploitation of various vulnerabilities of computer systems with HTML or Javascript code on a site. A malicious user could inject code into a website, through an input text for example, which since it would not be filtered by the website properly, could cause problems for the administrator or visitor of the target website.

Example:

http://www.example.com/index.html?name=

The malicious user could succeed:

Theft of passwords / accounts etc of personal data
Change website settings
Theft of cookies
Fake advertising (via, for example, a link)

Vulnerability refers to the weakness of the system that supports the web to filter and reject any harmful inputs.

SecNews.gr remains at the disposal of anyone interested in it of the problem.

Definition of XSS from Wikipedia.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).