Putting Cross Site Scripting to Good Use

My favorite April Fools' prank so far is a combination of two cross-site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer.
It’s a neatly done attack (just a small noticeable error on the Cisco site) and it shows pictures of Sharapova, which gives it extra credit :-)

Well done Security Lab!

(cue the backdoor jokes)


7 Comments:

  1. Fixed it seems, any screenshots? :)

  2. Cisco fixed theirs, but mariasharapova.com is still vulnerable. Here’s the text that’s currently there (the one on the Cisco web site was similar):

    Maria Sharapova is glad to announce you her new decision, which changes her all life for ever. Maria has decided to quit the carrier in Tennis and become a Security Expert. She already passed Cisco exams and now she has status of an official CCIE.

    Maria is sure, her fans will understand her decision and will respect it. Maria already accepted proposal from DoD and will work for the US government. She also will help Cisco to investigate computer crimes and hunt hackers down.


  3. Very very nice information. Thank you very much…

  4. well I know this is a little late for this comment, but it seems we now know who the security experts and geeks lusting after CCIE wank off to.

  5. good information your working very nice ;)

  6. nice collection good job ;)

  7. thanks my baby
