BP website again defaced via XSS to protest against oil spill

Written by DP

Friday, 18 June 2010

Independent security researchers PaPPy and Zeitjak have submitted to the archive a few XSS vulnerabilities affecting BP's official website and allowing for temporary anti-BP website defacements. I had a good laugh when I saw PaPPy's XSS defacement (view screenshot below). Sometimes cross-site scripting proves useful when protesting for a cause...

 You can browse other BP logo defacements here (1000+ logos!!!). XSS Mirrors: XSS vulnerability notified by PaPPy* XSS vulnerability notified by Zeitjak XSS vulnerability notified by Zeitjak XSS vulnerability notified by holisticinfosec

Take time to watch this video:


PaPPy's BP XSS defacement screenshots: XSS website defacement

*PaPPy's XSS was submitted first but I resubmitted it to the archive because the mirroring bot didn't save it properly.

Related News on XSSed: defaced with XSS to show Gulf of Mexico oil spill protesters - 7 Jun 2010 - DP

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.