FN SECURE: myOpenID XSS : One of the Largest OpenID provider is Vulnerable

Call Us For Workshops Or Seminars.. In Your University, Colleges, or Schools.
Email Us At : vicky@globallyunique.in

Save as PDF

myOpenID XSS : One of the Largest OpenID provider is Vulnerable




One of the One of the Largest Independent OpenID provider "myOpenID" is Vulnerable to Cross Site Scripting (XSS) ,Discovered by "SeeMe" - Member of Inj3ct0r Team. Cross Site Scripting (or XSS) is one of the most common application-layer web attacks.


What Hacker can do - "The attackers can steal the session ID of a valid user using XSS. The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attackers can write a script which will run on the user's browser, query the value in the cookie and send it to the attackers. The attackers can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page".

Proof Of Concept Click Here

Leave a Reply

Save this Page

Download as PDF