The vulnerability can be exploited to steal cookies and to perform XSS tunneling

Mar 17, 2012 09:19 GMT

A grey hat hacker known as Toxic Worm provided us with a proof-of-concept (PoC) video demonstrating the existence of a persistent cross-site scripting (XSS) vulnerability on the popular image hosting website ImageShack.us.

The hacker claims that he found the security hole on March 16 and reported it to ImageShack before making the PoC video and the screenshot.

The clip reveals that the site's Report Abuse or Request Deletion page contains an XSS security hole.

According to the hacker, because the XSS flaw is persistent, it can be leveraged by ill-intentioned hackers to steal cookies, perform XSS tunneling and carry out other malicious operations.

Hopefully, ImageShack administrators will address these issues in the upcoming period, especially since the number of potential victims in the event of an attack is fairly high.