He claims that the vulnerability was found in only a minute

Apr 28, 2012 08:49 GMT

A subdomain of the site owned by the US Federal Trade Commission (FTC.gov) has been found to contain a cross-site scripting (XSS) vulnerability.

The hacker who found the vulnerability, Gambit, provided Softpedia with a proof of concept that demonstrates the existence of the security hole.

“I haven't done anything for a while and I was bored. So I decided to look for something really fast on the FTC's site. Found an XSS, took me all of a minute,” the hacker said.

The screenshot shows how an attacker could leverage the weakness to alter the site’s appearance and insert arbitrary content designed to phish user credentials or point the site’s visitors to a malware-laden domain.

The vulnerability has not been reported to FTC representatives; the hacker stated that he reports only to companies and not to government bodies.