USA: Government websites display porn and Viagra ads

Over the past year we have seen many government websites using .gov and .mil domains hosting pornographic and spam content such as Viagra ads.

One security researcher noticed that all of these sites share a common software vendor.


United States of porn

Security researcher Zach Edwards has identified the issue: the affected .gov and .mil domains all use a common product provided by Laserfiche.

Laserfiche provides services to the FBI, the CIA, the U.S. Treasury, the Army and many other government bodies.

The software product, called Laserfiche Forms, contains a vulnerability that has allowed attackers to promote malicious and unwanted content on reputable government websites.

Edwards, who has been tracking the flaw for more than a year, has found that the websites of U.S. Sen. Jon Tester and the Minnesota National Guard redirect users to Viagra product pages.

He released a video demonstrating the vulnerability in practice, saying he had seen the behavior in "possibly 50 different government subdomains".

Laserfiche is launching a cleanup tool (not all versions have been fixed)

Laserfiche has now released a security advisory for the vulnerability, along with instructions on how to clean the site of unwanted content.

According to the company, the main cause of the issue is an unauthenticated file upload vulnerability.

Parts of Laserfiche Forms contain a public form that has a file upload field. Unauthorized users can access it to upload files to the web portal and make their content temporarily accessible on the web.

Laserfiche has released a cleanup tool that customers can use to remove unauthorized uploads made to their web portals.

Source of information: bleepingcomputer.com

Teo Ehc, https://www.secnews.gr