A whitehat hacker has found a new vulnerability in HTC’s website. An attacker could use the vulnerability to hijack user accounts through cross-site scripting.
The flaw in HTC’s official website was disclosed by Thamatam Deepak, a 16-year-old whitehat hacker. Deepak revealed that the website was prone to cross-site scripting attacks because it contained a glaring XSS vulnerability.
Cross-site scripting attacks are launched by injecting malicious scripts into a website's pages, where they run in visitors' browsers. These scripts can perform all kinds of nefarious actions, from accessing sensitive browser data to accessing cookies. To make matters worse, HTC’s website has not one but many cross-site scripting vulnerabilities, any of which could be used to inject malicious scripts into the website.
Another vulnerability found in HTC’s website concerns cookie handling. By using both vulnerabilities together, an attacker can not only access sensitive user information but also hack into user accounts.
Thankfully, due to Mr. Deepak’s revelation, HTC is currently working on fixing the problem and patching up these vulnerabilities. These vulnerabilities are found on different pages on the official website, so it may be a while before the website is entirely secure against possible cross-site scripting attacks.
Courtesy: The Hacker News