1 post • joined Tuesday 25th August 2009 03:44 GMT
Not just a funny breadcrumb
Not only was this URL-supplied data cached for subsequent visitors but the next day after the breadcrumb fiasco was shown, I found an injection hole in Sears' Craftsman.com website. I was able to place images (and with the img tag, scripts) into the breadcrumb which could have been used to hijack user accounts. (Not that I know anyone with a Craftsman.com account but I suspect they exist.)
Typical unsanitized user data being shown on screen but with the idiocy magnified a thousandfold due to the caching of that data for the next user.
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- OHM MY GOD! Move over graphene, here comes '100% PERFECT' stanene
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Beijing leans on Microsoft to maintain Windows XP support