
pssst.qc.ca security hole

Last weekend, I discovered a security hole at pssst!, a small Quebecois forum. The comments appear on the same page as the submission fields (post, username, password), and you can (well, you could) put whatever you want in the comments, including JavaScript. So I’ve hidden in a comment a script that installed an event triggered by the Submit button that sends to my server the username and password posted, and I got all the usernames/passwords of people who posted after my comment. It was not a very technical hack, but nobody thought about it before me.
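The flaw described above is stored cross-site scripting: comment text is emitted as markup on the page that also holds the login fields. The following is an added example, not part of the original post and not the forum's code, showing the unescaped rendering beside an escaped one plus a restrictive Content-Security-Policy; all function names and sample comments are hypothetical and constructed for illustration.

```javascript
// Added example: every name here is hypothetical, not taken from the forum's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user-supplied fields are concatenated into the page as markup.
function renderCommentUnsafe(comment) {
  return `<div class="comment"><b>${comment.author}</b>: ${comment.body}</div>`;
}

// Hardened pattern: every user-supplied field is output-encoded before insertion.
function renderCommentSafe(comment) {
  return `<div class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</div>`;
}

// Defence in depth: without 'unsafe-inline', inline scripts and inline event
// handlers are refused, and connect-src/form-action keep data on the same origin.
function contentSecurityPolicy() {
  return ["default-src 'self'", "script-src 'self'", "connect-src 'self'", "form-action 'self'"].join('; ');
}

// Coarse check for this demo only: a real <script> tag, or an on* attribute
// inside a real tag. Escaped text contains no '<', so it cannot match.
function containsActiveMarkup(html) {
  return /<script\b|<[^>]*\son\w+\s*=/i.test(html);
}

// Constructed sample comments; the markup bodies are inert placeholders.
const sampleComments = [
  { author: 'alice', body: 'Nice post & thanks!' },
  { author: 'bob', body: '<script>/* constructed placeholder */</script>' },
  { author: 'carol', body: '<img src="x" onerror="/* placeholder */">' },
];

// Returns the authors whose comments would reach the browser as live markup.
function auditRendering(render) {
  return sampleComments.filter((c) => containsActiveMarkup(render(c))).map((c) => c.author);
}

console.log('unsafe renderer lets through:', auditRendering(renderCommentUnsafe));
console.log('safe renderer lets through:  ', auditRendering(renderCommentSafe));
console.log('Content-Security-Policy:', contentSecurityPolicy());
```

Serving the login form from a page that never renders user content removes the exposure even if an escaping bug slips through later.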



© 2001-2014 Kebawe. All rights reserved.