In OP XSS 2.0, the hackers focused on websites belonging to the US government and education institutions, but this time their findings come with a message.
While this list may be impressive, the list of government websites is even more so. XSS vulnerabilities were found in Readiness and Emergency Management for Schools, the Rhode Island Office of the Secretary of State, the Library of Congress, Brookhaven National Laboratory, the Virginia Employment Commission (hosted on a Commonwealth of Virginia subdomain), The Nation’s Report Card, and even Feds Hire Vets.
“One thing I will say for sure. If SOPA or PIPA ever resurface, 359 companies and corporations will pay for their betrayal to freedom,” he said.
The government websites were proven vulnerable to show that the hacker collective means business “and to show that security on a Government server is just pathetic.”
“The edu's were just for the lulz, though I reported them,” he added.
Besides the .edu and .gov websites, the popular comedy site of Turner Broadcasting Systems (TBS) and a free hosting site were also proven to be vulnerable. We have contacted the former to find out whether they plan on taking any measures to resolve the vulnerability.
XSS vulnerabilities are very common on public websites. Unfortunately, they are also serious, because they can allow an attacker to execute arbitrary script code in the browsers of a site's visitors and launch malicious campaigns targeting them.