Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

20 February 2007

El-Akhbar XSS


My friend Zeinobia noticed that El-Akhbar newspaper's website (http://www.elakhbar.org.eg) was hacked by some Turkish hackers today.

So, I wrote the newspaper's web address in the browser, and I was then redirected to the Turkish hackers site (http://www.cyber-protest.org/HACKED/uyari.php).

I thought it was a DNS Cache Poisoning at the beginning, but I used a tool - Internet Explored plugin - called HttpWatch in order to see the various request between my browser and the server. Which showed me that when I accessed "http://www.elakhbar.org.eg/", I was then redirected to "http://elakhbar.org.eg/service/home/", which redirected me to the hackers page after that. So after looking at "http://elakhbar.org.eg/service/home/" page source, I found the following HTML code.

Click on the code to enlarge
So, most probably, the newspaper had some poll on their site, and it seems that the site was vulnerable to Cross Site Scripting (XSS). And the hacker used this to insert some script that redirects the users to their page using the poll form.

Update: El-Akhbar have fixed it now.

Tags: , , ,