One late night we decided to take a look at the website of the big German broadcaster “RTL”. There have been some reports about vulnerabilities on rtl.de, but often you just have to take another look and you will find another vulnerability.
N24 fixes multiple vulnerabilities
During our tests of news we found the website of the public TV transmitter N24. The website is an addition to the common TV show the broadcast system is hosting, and so the website offers much additional information.
KiKa fixes one XSS
Kika is the name of a TV channel maintained by ARD and ZDF. This channel is very popular with children, because programs like “Sendung mit der Maus” or “Sandmännchen” are broadcast there. Wikipedia states that the website kika.de offers the possibility to watch livestreams or gather additional information about the programs. In our opinion this is very important, especially when the user group is young and inexperienced. This was our main reason to take a look at Kika's security.
Gameforge closes security holes in KingsAge
The mid-age browser game “KingsAge” is maintained by Gameforge. The essence of this game is to create your own kingdom and fight against other players to expand your kingdom. Gameforge offers separate “worlds” for each language, where 1000 up to 25000 players are active. We discovered multiple cross site scripting vulnerabilities in the game.
Videoworld fixes a persistent cross site scripting issue
While looking for some videos we came across the video store at videoworld.de. Only two seconds later, while typing into the search field, we discovered a cross site scripting issue.
Lidl fixes an XSS vulnerability
In the recent past we scanned some well-known grocery stores of Germany. Many people visit their homepages, and so hackers might be interested in those websites. However, we discovered some cross site scripting vulnerabilities in a forgotten script at lidl.de’s homepage.