Advertisements

 BP website again defaced via XSS to protest against oil spill

Written by DP

Friday, 18 June 2010

Independent security researchers PaPPy and Zeitjak have submitted to the archive a few XSS vulnerabilities affecting BP's official website and allowing for temporary anti-BP website defacements. I had a good laugh when I saw PaPPy's XSS defacement (view screenshot below). Sometimes cross-site scripting proves useful when protesting for a cause...

 You can browse other BP logo defacements here (1000+ logos!!!).

BP.com XSS Mirrors:

www.bp.com XSS vulnerability notified by PaPPy*
pipelines.bp.com XSS vulnerability notified by Zeitjak
airbp-enabler.bp.com XSS vulnerability notified by Zeitjak
energiser.bp.com XSS vulnerability notified by holisticinfosec

Take time to watch this video:


 

PaPPy's BP XSS defacement screenshots:

BP.com XSS website defacement

*PaPPy's XSS was submitted first but I resubmitted it to the archive because the mirroring bot didn't save it properly.

Related News on XSSed:

BP.com defaced with XSS to show Gulf of Mexico oil spill protesters - 7 Jun 2010 - DP


        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.