Stupid Websites
Yesterday Daniel and I found a site that allows stealing of sessions by changing a parameter in the URL, one that is a sequential number. Very high quality and secure. There is probably a way to do some pretty nasty stuff using JS injection as well.
On the flip side of that, Cox's Business Services site considers " and + to be dangerous characters when typing a note to a customer representative. They could always run it through a few functions and make it safe. Of course they give you a 40×100 window to write your notes in, and just say 'special characters including " double quote' are not allowed, but only after you submit.
