Flaw allowed threat actors to inject malicious scripts displaying dubious ads on search results.
More than 350 websites have been compromised as part of a campaign that involved the abuse of an old medium-severity reflected cross-site scripting vulnerability in the Krpano framework.
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said "it was an industrial-scale abuse of trusted domains." Exploiting the reflected XSS flaw, tracked as CVE-2020-24901, allowed threat actors to inject malicious scripts displaying dubious ads on search results.
"A reflected XSS is a fun vulnerability but on its own requires user interaction, and one of the biggest challenges is to make people click your reflected XSS link. So using search engines as a distribution platform for your XSS is a very creative and cool way to do it," said Zaytsev.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.