Injector Hackers Reveal XSS Vulnerability on myOpenID

Cross-site scripting is an issue that affects a large number of websites

Nov 11, 2011 19:11 GMT · By Eduard Kovacs

myOpenID is affected by an XSS vulnerability

14 DAY TRIAL // JUST $1.00 Play Starfield, Forza Motorsport, and hundreds of other PC games for one low monthly price.

A hacker called SeeMe showed that one of the largest independent OpenID providers is vulnerable to a cross-site scripting attack.

According to The Hacker News, the hacker made a proof-of-concept page just like in the case of the Speed Bit search engine we saw yesterday.

By making use of the flaw, attackers can steal a session ID of a valid customer which they can use to browse the website logged in as the victim.

“The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attackers can write a script which will run on the user's browser, query the value in the cookie and send it to the attackers,” the hacker said.

#myOpenID#XSS vulnerability#OpenID provider

hot right now

Microsoft Announces Windows 11 “Moment 2” Update: The new update is live with a ton of features

The Most Anticipated Game Releases of March 2023: One of those months dominated by indies and re-releases

Samsung Galaxy S23 Ultra Copies an iPhone 4 Feature, But Wait, It’s a Good Thing: The device comes with a truly removable battery

Nokia Makes Repairing Its New-Generation Phones Child’s Play: The right to repair is already changing the mobile world

Windows 11 Accidentally Offered to Unsupported Computers: The software giant says it was all a mistake

Blood Bowl 3 Review (PC): Get ready for gore, tactics, and tons of dice rolls

iPhone 15 Could Feature a 6.2-inch Display: And the Pro could embrace the same approach too

news tip

feedback