Advertisements defaced with XSS to show Gulf of Mexico oil spill protesters

Written by DP

Monday, 7 June 2010

A security researcher who goes by the nickname "holisticinfosec" has submitted a rather funny cross-site scripting (XSS) vulnerability affecting the official British Petroleum (BP) company website. Due to improper input handling, he was able to deface the page and display an image showing oil spill protesters waving anti-BP banners; one banner read "Billionaire Polluters", aka "BP" (see screenshot below).
The oil and gas giant may cease doing business in the near future, despite the public relations efforts to maintain and protect the company's reputation, enhance its prestige while being a menacing factor, and present a favorable, helpful, "green" and trustworthy business image...
An online example of BP's PR & Marketing efforts
BP's share price is going down, while the number of lawsuits against BP is increasing, as are the millions of angry, peaceful and eco-conscious protesters worldwide who demand that the company be shut down.
I believe this is one of the first hacktivism examples against online BP properties, with more to follow in the coming weeks.
