Another high-profile company that fails to protect its public site

Mar 8, 2012 20:01 GMT

Hulu offers TV shows, movies, webisodes and other media materials from over 350 content providers such as Fox, NBC and ABC. While the company does a really great job of entertaining people, when it comes to security, it has a lot of holes.

In his search to identify websites owned by high-ranked organizations, independent security researcher Shadab Siddiqui found that Hulu’s public website contains a lot of security holes that could be exploited by black hats.

As the screenshots provided by the expert demonstrate, an attacker could hijack sessions, leak internal IPs, launch cross-site scripting (XSS) and iframe injection attacks, and much more.

The images show the extent of damage that can be caused on the website, but the expert claims that the risks that hide behind the XSS vulnerability are even higher if the attacker decides to use an XSS Shell.

Hulu was contacted almost a week ago, but so far they haven’t responded. We’ll update the article as soon as more information becomes available.

Vulnerabilities in HULU (4 Images)
