BP.com defaced with XSS to show Gulf of Mexico oil spill protesters
Written by DP
Monday, 7 June 2010
A security researcher who goes by the nickname "holisticinfosec" (holisticinfosec.org) has submitted a rather funny cross-site scripting (XSS) vulnerability affecting the official British Petroleum (BP) company website. Due to improper input handling, he was able to deface the page and display an image showing oil spill protesters waving anti-BP banners - one banner read "Billionaire Polluters", aka "BP" (see screenshot below).
BP.com XSS Mirror:
The oil and gas giant may cease doing business in the near future, despite the public relations efforts to maintain and protect the company's reputation, enhance its prestige while being a menacing factor, and present a favorable, helpful, "green" and trustworthy business image...
An online example of BP's PR & Marketing efforts
BP's share price is going down, while the number of lawsuits against BP is increasing, as are the millions of angry, peaceful and eco-conscious protesters worldwide who demand that the company be shut down.
I believe this is one of the first hacktivism examples against online BP properties, with more to follow in the coming weeks.
Screenshot: