27 security holes identified by D35m0nd142

Mar 19, 2012 18:31 GMT

The grey hat hacker known as D35m0nd142 identified cross-site scripting (XSS) vulnerabilities on the official site of the renowned telecoms company AT&T.

He told us that the XSS vulnerability could be exploited to steal user accounts if an attacker could convince the potential victim to click on a cleverly designed link.

“In a simple XSS attack hackers can fool users into clicking on a specific page to steal cookies,” he revealed.

D35m0nd142 says that the vulnerability for which he provided the screenshot is just one of the 27 present all over the site.

On past occasions some hackers have accused D35m0nd142 of being a skid because he uses the Acunetix vulnerability scanner. He claims that the scanner is only used to speed up the scans, but the real research is done using conventional methods.

Our interview with the grey hat, part of the Hackers around the world series, can be found here.