http://qjnpre4wogldryzvggqsrqxtxytqkjnftrwyi4njc4qexpahmdbiq3qd.onion/125-2/index.html
“To trigger this XSS attack all the attacker need do is to write a simple post in the DJI forum which would contain the link to the payload,” the researchers explained in a report published today. “A user who logged into DJI Forum, then clicked a specially-planted malicious link, could have had his or her login credentials stolen to allow access to other DJI online assets,” Once captured, the login cookies, which include authentication tokens, can then be re-used to take...