Monday, August 27, 2007

Blog.hr update

A few days ago, blog.hr came out with a new version of their application. They had a phishing attack on the first day, and a few days later, someone used the technique explained in my earlier post. As I've read on their site and in the newspaper, cookies were stolen, JavaScript was injected and blogs were defaced. It seems that only around 50 users were affected by this attack, but the sad thing is that the new version of the application is still very open to any kind of JS injection.
