XSS VULNERABILITIES FOUND ON UBER WEBSITES

Posted on

A security researcher has uncovered four cross-site scripting (XSS) vulnerabilities on travel site Uber, a day after an XSS vulnerability was found on the website of private car service Uber, according to posts on xssposed.org.

The Uber vulnerabilities, reported by a security researcher that goes by the handle Nasrul07, made it possible for hackers to modify page contact and execute attacks to steal user credentials and post false reviews on the site. As of the researcher’s post on Tuesday, the vulnerability remains unpatched.

XSS VULNERABILITIES FOUND ON UBER WEBSITES

The flaw reported on Uber, by a researcher that goes by E1337, would allow the theft of visitors’ cookies, personal details and browser history as well as authentication credentials.

The discovery comes at an inopportune time for Uber, which recently announced a $50 billion financing round in preface to its IPO.

Source:http://www.scmagazine.com/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s