ESPN Are Suffering Serious XSS and Dest Redirect Privilege Escalation Security Vulnerabilities
Popular ESPN website (espn.go.com) has been found to be vulnerable to multiple serious XSS and Dest Redirect Privilege Escalation security vulnerabilities according to Wang Jing, a mathematics student from the School of Physical and Mathematical Sciences at Nanyang Technological University in Singapore.
Wang found a large number of ESPN’s credible links were vulnerable to XSS and Dest Redirect Privilege Escalation attacks. These vulnerabilities occur at ESPN’s “login” & “register” pages.
ESPN is one of the most common U.S.-based cable and satellite TV channel with close to 100 million subscribers. Its Alexa global rank is 63 and US rank is 14. Based on eBizMBA, “As of December 1, 2014, ESPN has an estimated 80,000,000 unique monthly visitors.” At the same time, ESPN broadcasts in more than 200 countries.
Wang posted his findings on the Full Disclosure forum
View original post 193 mots de plus