AOL Multiple Cross-Site Scripting Vulnerabilities

A security researcher from MorX found multiple AOL web sites that are prone to cross-site scripting (XSS) exploits. An attacker can execute almost any script in the visitor's browser. Here’s a proof of concept:



  • http://www.aim.com/<BLOCKED>?aolp=%22%3E%3Cscript%3Ealert('Hello%20World')%3C/script%3E

When you click on the link above, it displays a message box saying “Hello World”. You have to click the OK button before the message disappears completely, or you can terminate IE through Task Manager.
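
The link's value begins with `%22%3E` (`">`), which closes a quoted attribute and its tag before the script element starts. The sketch below is an added example, not code from the original post or from AOL: it renders the same value raw and with HTML output encoding. The hidden-input template and all function names are hypothetical, and it assumes the `aolp` value is reflected inside a double-quoted attribute.

```javascript
// Added example: hypothetical page template, not AOL's actual code.
// Assumption: the aolp value is echoed inside a double-quoted HTML attribute.

// Constructed sample: the query string from the proof-of-concept link.
const SAMPLE_QUERY = "aolp=%22%3E%3Cscript%3Ealert('Hello%20World')%3C/script%3E";

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// URL-decode and return one query parameter (empty string if absent).
function getParam(query, name) {
  return new URLSearchParams(query).get(name) ?? "";
}

// Vulnerable pattern: the decoded value is concatenated straight into markup,
// so the leading "> ends the attribute and the rest is parsed as new HTML.
function renderVulnerable(query) {
  return '<input type="hidden" name="aolp" value="' + getParam(query, "aolp") + '">';
}

// Hardened pattern: the value is HTML-encoded at the point of output,
// so the browser treats it as attribute text only.
function renderEscaped(query) {
  return '<input type="hidden" name="aolp" value="' + escapeHtml(getParam(query, "aolp")) + '">';
}

// Demo check: does the rendered markup contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

function demo() {
  const vulnerable = renderVulnerable(SAMPLE_QUERY);
  const escaped = renderEscaped(SAMPLE_QUERY);
  return {
    vulnerable,
    vulnerableHasScript: containsScriptTag(vulnerable),
    escaped,
    escapedHasScript: containsScriptTag(escaped),
  };
}

console.log(demo());
```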


To protect yourself from this type of attack, you can set IE’s security level to High. Here’s how:



  1. Go to Control Panel and double-click Internet Options.
  2. Click the Security tab.
  3. Click the Internet zone (the globe icon).
  4. Move the slider up to High.
  5. Click the Apply button, then click OK.