Vulnerabilities in London News Websites get White Hat Banned

Liviu ARSENE

July 11, 2016

A series of vulnerabilities has been reported in a couple of NeighbourNET-powered London websites used by London councilors to address local communities.

Ten London websites powered by NeighbourNET were found vulnerable to cross-site scripting, name spoofing and poor user authentication. Security consultant Andrew Tierne, who reported the vulnerabilities, said some of the issues could cause serious problems, allowing an attacker to compromise users and even impersonate their identities.

“It would be fair to say the visual presentation of the sites hints at there being security problems,” wrote Tierne. “A mess of security issues. Considering that local councillors use these sites to communicate with the public, allowing impersonation is a serious issue.”

Emphasizing that an attacker could embed untrusted code into these websites, the researcher said he believes users could even be exposed to malware. His testing involved only the embedding of HTML code, but JavaScript or Flash content could also be used.

“The site embeds its own content using an URL passed as a GET parameter,” wrote the researcher. “The source of this content is not whitelisted or validated, so you can just embed your own content. This has only been tested with plain HTML, but if JavaScript, Flash or other content could be embedded, this would lead to cross-site scripting or malware delivery to users.”
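The missing check described in that quote, shown as an added defensive example (not code from NeighbourNET, the researcher or this article): the URL taken from the GET parameter is validated against an allowlist before it is embedded. The host names and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts the site may embed content from (constructed values).
ALLOWED_EMBED_HOSTS = {"content.example.org", "static.example.org"}


def validate_embed_url(raw: str) -> str:
    """Return a normalised URL that is safe to embed, or raise ValueError."""
    # Reject characters that browsers and parsers interpret differently
    # (whitespace, control characters, backslashes).
    if any(ord(c) <= 0x20 or c == "\\" for c in raw):
        raise ValueError("whitespace, control character or backslash in URL")
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise ValueError(f"unparseable URL: {exc}") from exc
    # Only absolute https URLs: blocks javascript:, data:, http: and "//host" forms.
    if parts.scheme != "https":
        raise ValueError("scheme must be https")
    # "https://allowed-host@other-host/" would put the real host after the "@".
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    # Exact host match: no suffix or substring matching, no subdomains.
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_EMBED_HOSTS:
        raise ValueError(f"host not allowlisted: {host!r}")
    if port not in (None, 443):
        raise ValueError("unexpected port")
    # Rebuild from the parsed parts so the value embedded is the value checked.
    # The caller must still HTML-escape it when writing it into the page.
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{host}{parts.path or '/'}{query}"


def is_embeddable(raw: str) -> bool:
    """Boolean wrapper for use in a request handler."""
    try:
        validate_embed_url(raw)
        return True
    except ValueError:
        return False
```
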

Before posting his findings online, the security researcher notified the affected parties and allowed 60 days to pass. However, the only response he received was having his account suspended for “misuse of the site.”

Here’s the list of all the websites that were found vulnerable:

  • www.ActonW3.com
  • www.BrentfordTW8.com
  • www.ChiswickW4.com
  • www.EalingToday.co.uk
  • www.FulhamSW6.com
  • www.HammersmithToday.co.uk
  • www.PutneySW15.com
  • www.ShepherdsbushW12.com
  • www.WandsworthSW18.com
  • www.WimbledonSW19.com
