Rorroh's Blog

Just another WordPress.com weblog. Really. It is.

LulzSec’s “The Sun” Takedown July 20, 2011

Filed under: Hacking — Rorroh @ 11:00 am
Tags: , ,

LulzSec is still going strong, and their most recent victim, The Sun, should have seen it coming. I’m not talking about Murdoch’s infamous scandal, although that was really the only reason they attacked The Sun.

LulzSec seemed to manage to not just find a password to play around with, but actually post an article, redirect all users of the site to that article and then, in true form, leak many of their passwords. Surely this was an act of genius. Some little-known underground tricks must have played their part in this, right? As it turns out, The Sun has been vulnerable to attack since at least 2009. What’s more, the vulnerability turned out to be one of the easiest to spot and fix: A cross-site scripting vulnerability. The Sun seemed to be aware of it, but still put that version of the site on an alternate server — a big no-no in the security world.

All it took was that one cross-site scripting vulnerability and the rest was just a break-in waiting to happen. LulzSec used that vulnerability to make the older server a jump host, effectively using it as a tunnel to put JavaScript code into all the site’s articles. The Murdoch article itself, however, wasn’t really on The Sun’s website at all; it was actually being hosted on http://www.new-times.co.uk/sun/ (now taken down, but the link should go to a freze.it archive of the page).

(Source: rootshell.be)