4tt4ck3r Finds Flaw in UK Government Websites

Iranian hacker 4tt4ck3r has previously found Reflected XSS -Cross Site Scripting- vulnerabilities in government websites of the UK as follows :

Parliament of the United Kingdom

The vulnerable website address is : https://www.parliament.uk/search/results/
The URL of website changed to this type : https://www.parliament.uk/search/results/?q=HellO -or other choice-

XSS scripts can be run with different bypass methods of this vulnerability. The ‘head’ bypass method and ‘Encoding’ the script would look like:


The Encoded script would look like :


The Encoded script on this website would look like :


Find details of the vulnerability here

The Security Industry Authority -SIA- of United Kingdom Home Office

The vulnerable page of this website is : http://www.sia.homeoffice.gov.uk/Pages/SearchResults.aspx

The URL of website can be changed like this example : http://www.sia.homeoffice.gov.uk/Pages/SearchResults.aspx?Search=4TT4CK3R
Running the script on this website would be :


This website also enables capture of the cookies as follows :


Find details of the vulnerability here
The vulnerability was discovered by : Dark Killer and the team is : Dark Killer , 4TT4CK3R , RxM_BR , Sina Titan

Leave a Reply

Your email address will not be published. Required fields are marked *