Hacker #tricks official #Vatican News site into #declaring #God an #onion
Source: National Cyber Security News
A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.
The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.
De Ceukelaire (who we’ve previously profiled) has been behind some high profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly-accessible help-desks and bug trackers.
Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.
Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.
In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.
View full post on National Cyber Security Ventures