Home / Vulnerability / 2 US gov websites and of Mozilla is vulnerable to XSS injection
megafab security

2 US gov websites and of Mozilla is vulnerable to XSS injection


 Megafab has discovered Cross-site scripting vulnerability in 2 government websites of United States and in the official website of Mozilla corporation.

Cross-site scripting is a security hazard that allows crackers to interfere with your program’s logic by inserting their own logic. – www.google.com.ph/search?q=define+xss

The 2 government websites of United States are the following:

  1. Argonne National Laboratory
    A sub domain is affected (mcs.anl.gov)
    Proof of concept:
    URI here. .
  2. National Oceanic and Atmospheric Administration
    Proof of Concept:
    Click here.

Both websites fail to sanitize the p parameter.

In addition to those websites, the official website of mozilla appears also being pawned by Megafab. If you will visit this proof of concept link sent to me, a pop up message will show, “megafab was here.”

Like us on Facebook to be updated! View all details here.

About Clifford Trigo

Hi there! I am Clifford Trigo from the island of Bohol, come over here and lets have fun! :3 Just keep reading :D