Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability

Cross-Site Scripting ( XSS ) vulnerability discovered in official website of Kevin Mitnick (one of the most talented hackers, and the one one most prosecuted by the state. Mitnick's hacker handle was "Condor". He became the first hacker to appear on an FBI "Most Wanted" poster, for breaking into the Digital Equipment Company computer network, Mitnick has become something of a celebrity in hacker circles due to his Hacking talent) by Fabián Cuchietti.

This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is change how a page appears to a particular user.

Vulnerable Textbox : strEmail is not filtered some html tags in textbox
Method: Post
Example payload: /"><iframe onload=alert(document.cookie)>

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.