RATE Group | Criminal mastermind injects malicious script into Ethereum tracker. Their message? ‘1337…


Ethereum-tracking website Etherscan has resolved a cross-site scripting issue on its domain.

Though among the world’s top-2,000 websites (1,379th per Alexa), Etherscan fell foul of one of the net’s most common security slip-ups.

Cross-site scripting (XSS) occurs when an attacker is able to inject a script into a vulnerable site, where it is served to the site's visitors. It is commonly abused to run phishing scams or, worse, to push malicious scripts at site visitors.

Security researcher Scott Helme discovered that the flaw resided in an insecure custom implementation of the Disqus comment system, which generated a pop-up alert box on the Etherscan site. It read: “etherscan.io says l337.”

The Etherscan developers informed users via Reddit. The site temporarily disabled the comment section while it worked to resolve the issue.

When the comments section reappeared, tests by…
