Website of US military Pentagon Channel has discovered to contain cross-site scripting – XSS – vulnerability by Iranian hacker Dr.3v1l. XSS enables attackers to inject client-side script into Web pages viewed by other users. Dr.3v1l discovered and used vulnerability safely to prove poor security causing alert box with text ‘XSS By Dr.3v1l’.
Pentagon Channel broadcasts military news and information for the members of the U.S. Armed Forces. Pentagon Channel website is PentagonChannel.mil.
Dr.3v1l posted message with proof of vulnerability:
Founded by Dr.3v1l
Black_Devils B0ys Team
Red Hat Hackers
Dr.3v1l is member of Iranian security team Black_Devils B0ys Team and Red Hat Hackers. Dr.3v1l previously made hack of websites CVideo.co.il and New York Times.
Website Taken Down
Owner of Pentagon Channel website taken site offline for security reasons after Dr.3v1l post vulnerability information online.
At this moment Pentagon Channel server is refusing connection with 403 error.