Some Popular Web Hosting Companies Found Vulnerable

A security researcher has identified multiple vulnerabilities that could be used to take over the accounts of web hosting customers. If you have an account with Bluehost, Dreamhost, HostGator, OVH, or iPage, be alert: these are among the largest web hosting companies on the internet, and accounts could be compromised through one-click client-side vulnerabilities.

Paulos Yibelo, who has a strong passion for Web Application Security and Applied Security Research, shared his new research with GlobalHackNews. He identified about a dozen dangerous security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which together account for approximately eight million domains. “All five had at least one serious vulnerability allowing a user account hijack,” he told GlobalHackNews, with which he shared his findings before going public.

Vulnerabilities Reported in Popular Web Hosting Providers

This research was done by Paulos Yibelo, who tested all five web hosting providers and found several account takeover, cross-site scripting, and information disclosure vulnerabilities. [Source: websiteplanet]

1. Bluehost – Web Hosting Companies Vulnerable

Bluehost is a web hosting company owned by Endurance International Group (EIG), formerly BizLand, which also owns HostGator and iPage; together the three providers host more than 2 million sites worldwide. Bluehost was found to have multiple account takeover and information leak vulnerabilities:

  • Information leakage through cross-origin-resource-sharing (CORS) misconfigurations
  • Account takeover due to improper JSON request validation (CSRF)
  • A man-in-the-middle attack can be performed due to improper validation of the CORS scheme
  • Cross-site scripting flaw on my.bluehost.com allows account takeover (demonstrated in a proof-of-concept)
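
The CORS and CSRF items in the list above all depend on how a server decides which origin to trust. The following is an added example, not code from the article, the researcher, or any of the providers; the hostnames, allowlist, and function names are constructed for illustration. It contrasts a weak origin check with a hardened one that enforces the scheme and validates JSON writes.

```javascript
// Added example: not code from any hosting provider named in the article.
// ALLOWED_ORIGINS and all hostnames below are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://panel.example-host.test",
  "https://billing.example-host.test",
]);

// Weak pattern: trusts any origin whose text contains the site's name and
// ignores the scheme, so http:// pages and look-alike hosts are accepted.
function weakOriginCheck(origin) {
  return typeof origin === "string" && origin.includes("example-host.test");
}

// Hardened pattern: parse the origin, require https, and compare the exact
// serialized origin against a fixed allowlist.
function strictOriginCheck(origin) {
  if (typeof origin !== "string") return false;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // "null", empty, or malformed Origin headers
  }
  if (url.protocol !== "https:") return false;
  // A genuine Origin header has no path, query, or credentials.
  if (url.origin !== origin) return false;
  return ALLOWED_ORIGINS.has(url.origin);
}

// Build CORS response headers; nothing is emitted for untrusted origins.
function corsHeaders(origin, check) {
  if (!check(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// State-changing JSON endpoints: accept only application/json bodies (a
// cross-site HTML form cannot send one without a CORS preflight) and only
// from an allowed origin.
function acceptJsonWrite(headers) {
  const type = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  return type === "application/json" && strictOriginCheck(headers["origin"]);
}
```
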

2. Dreamhost – Web Hosting Companies Vulnerable

DreamHost is a Los Angeles-based web hosting provider and domain name registrar. It is owned by New Dream Network. The hosting provider, with more than one million domains, was found vulnerable to:

  • Account takeover using cross-site scripting (XSS) flaw

3. HostGator

  • Site-wide CSRF protection bypass allows complete control
  • Multiple CORS misconfigurations leading to information leak and CRLF

4. OVH Hosting 

OVH is a French cloud computing company that offers VPS, dedicated servers, and other web services. The company, with more than four million domains around the world, was found vulnerable to:

  • CSRF protection bypass
  • API misconfigurations

5. iPage Hosting

  • Account takeover flaw
  • Multiple Content Security Policy (CSP) bypasses