Although such websites who are main traffic hubs on the internet tend to put a lot of security measures in place, there’s always a loophole left unattended. Same seems to be the case with an MSN subdomain which, a hacker has discovered, is vulnerable to XSS cross-site scripting.
The vulnerability was discovered by a hacker of Inj3ct0r Team. According to this hacker, the XSS cross-site scripting vulnerability currently exists on a subdomain of MSN, namely http://news.de.msn.com.
This vulnerability makes it possible for a hacker with nefarious intentions to perform a rather popular attack known as ‘code-insertion.’ Another name used for this kind of an attack is called ‘cross-site scripting.’ It enables the hacker to load malicious data to a web application running on a vulnerable page. The malicious data can cause damage to the page, depending upon its very nature.
The hacker who first came across the vulnerability states that the XSS is working fine on the Opera and Internet Explorer browsers. One hopes that now the security loophole has come to light, MSN would be quick to patch it so as to avoid losing any kind of data from its website.
The Inj3ct0r team claims that it attempts to bring such vulnerability to the attention of white hat community so that the community is at par with cybercriminals in terms of their knowledge and skills.
Courtesy: Hacker News