XSS vulnerabilities in multiple sites certified as “Hacker Safe”
More than 60 web sites certified to be “Hacker Safe” by McAfee’s ScanAlert service were reported as vulnerable to XSS attacks, including the ScanAlert web site itself. Joseph Pierini, director of enterprise services for the “Hacker Safe” program, maintains that XSS vulnerabilities can’t be used to hack a server:
Cross-site scripting can’t be used to hack a server. You may be able to do other things with it. You may be able to do things that affect the end-user or the client. But the customer data protected with the server, in the database, isn’t going to be compromised by a cross-site scripting attack, not directly.
Another McAfee quote that is certain to become a timeless hacker classic is “we go in like a super hacker“.