
Many one-click client-side vulnerabilities in some of the world's most popular web hosting companies put millions of their customers and visitors at risk of being hacked. Bug hunter and security researcher Paulos Yibelo found many vulnerabilities in the most popular web hosting providers, such as Bluehost, DreamHost, HostGator, OVH, and iPage. These vulnerabilities would allow attackers to easily hack their victims.
Man-in-the-middle attack, cross-site scripting (XSS), and cross-origin resource sharing (CORS) misconfigurations were found in Bluehost.
A cross-site scripting (XSS) flaw was also found in DreamHost.
A CSRF protection bypass and CORS misconfigurations were found in HostGator.
A CSRF protection bypass and API misconfigurations were found in OVH.
An account takeover flaw and multiple Content Security Policy (CSP) bypasses were found in iPage.
The sad part is that most of these companies still lag in providing strong security and protection for their users.