Ucha Gobejishvili, the white hat known as longrifle0x, identified cross-site scripting (XSS) vulnerabilities in Microsoft’s MSN Solutions Center and in their AdCenter Service.
According to the expert, the security holes he discovered could allow an attacker to hijack a session and even steal the user’s account, but for this to happen a certain degree of user interaction is required.
The vulnerabilities were disclosed to Microsoft’s Security Response Center and are currently being investigated. Stay tuned to find out if and when Microsoft addresses these issues.
Other flaws identified by the researcher include some found on the sites of Apple, Forbes, MTV, Google, Ferrari, Myspace, NASA, ESA, and Sun.
He also took part in our interview series called Hackers around the world where he offered some interesting details about his findings and his career.