Putting Cross Site Scripting to Good Use

My favorite April Fools' prank so far is a combination of two cross-site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer.
It’s a neatly done attack (just a small noticeable error on the Cisco site) and it shows pictures of Sharapova, which gives it extra credit :-)

Well done Security Lab!

(cue the backdoor jokes)

  • http://weblogs.asp.net/cumpsd CumpsD

    Fixed it seems, any screenshots? :)

  • http://www.BeyondSecurity.com Aviram

    Cisco fixed theirs, but mariasharapova.com is still vulnerable. Here’s the text that’s currently there (the one on the Cisco web site was similar):

    Maria Sharapova is glad to announce you her new decision, which changes her all life for ever. Maria has decided to quit the carrier in Tennis and become a Security Expert. She already passed Cisco exams and now she has status of an official CCIE.

    Maria is sure, her fans will understand her decision and will respect it. Maria already accepted proposal from DoD and will work for the US government. She also will help Cisco to investigate computer crimes and hunt hackers down.

  • http://www.evdenevenakliyatcim.biz evden eve nakliyat

    very very nice informations.thank you very much…

  • a little late

    well I know this is a little late for this comment, but it seems we now know who the security experts and geeks lusting after CCIE wank off to.

  • http://www.hayalbahcesi.net forum

    good information your working very nice ;)

  • http://www.evdenevenakliyatcim.net evden eve nakliyat

    nice collection good job ;)

  • http://www.nickler.gen.tr nickler

    thanks my baby