14 DAY TRIAL // An independent security researcher, Shadab Siddiqui, identified a cross-site scripting vulnerability on a subdomain of Redhat.com, the official Red Hat site.
The expert, who possesses several global certifications such as CEH and ECSA, contacted the site’s representatives to inform them on the presence of the security holes.
“I was going through Redhat website I found XSS vulnerability though I have informed the website administrator of the website but I want to show even the best companies are not secured,” Siddiqui told us.
He even provided a couple of screenshots to reveal how he was able to load any other website within the apac subdomain on the Red Hat site. He also demonstrated how the managed to gain access to the site’s cookies.
In the past period, grey hats and security experts identified a large number of XSS weaknesses on many commercial websites. The operations are purposed to show that even though these types of flaws are highly common, they shouldn’t exist at all because they pose major risks to the site’s customers.
