
How I hacked Habrahabr

A few days ago I didn't have an invite, but I was a frequent visitor to Habr and logged in here with my account.

A few days ago I clicked “Register” instead of “Login” and saw the Habrahabr registration form in front of me. “What if?” I thought, and began entering a test for an XSS vulnerability into each registration field.

And here it is! It is done! A vulnerability was found in the E-Mail field. The e-mail was checked for correctness after moving to the next field. There was no filtering in the E-Mail input field, so a message with a one appeared.

At first I decided to do some dark deed with the vulnerability, but then I changed my mind and wrote to tech support.
It was:
image

It became:
image

At the moment, the vulnerability is closed, and I have an invite.
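
The pattern described above (an e-mail field checked when focus leaves it, with the rejected value shown back in a message) as an added example, not code from the original post or from Habr. The function names, the message text and the validation regex are assumptions, and the sample input is constructed.

```javascript
// Hypothetical sketch of a per-field validation message, not Habr's actual code.

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Loose syntax check (assumption): one "@", a dot in the domain,
// no whitespace or markup characters, and a length cap.
function isPlausibleEmail(value) {
  return typeof value === 'string' &&
    value.length <= 254 &&
    /^[^\s@<>"'&]+@[^\s@<>"'&]+\.[^\s@<>"'&]+$/.test(value);
}

// BEFORE: the rejected value is echoed into markup unchanged.
function errorMessageUnsafe(email) {
  return '<span class="error">Invalid e-mail: ' + email + '</span>';
}

// AFTER: the value is escaped at output, whatever the validator decided.
function errorMessageSafe(email) {
  return '<span class="error">Invalid e-mail: ' + escapeHtml(email) + '</span>';
}

// Called when focus leaves the field: null if valid, otherwise message markup.
function validateEmailField(email, render = errorMessageSafe) {
  return isPlausibleEmail(email) ? null : render(email);
}

// Constructed sample input: a harmless markup probe typed into the field.
const probe = 'user@example.com"><i>probe</i>';
console.log(validateEmailField(probe, errorMessageUnsafe)); // markup survives
console.log(validateEmailField(probe));                     // markup is inert text
console.log(validateEmailField('user@example.com'));        // null: accepted
```

Validation decides whether the value is accepted; escaping at the point of output is what keeps a rejected value from being parsed as markup, so both are needed.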

Source: https://habr.com/ru/post/197466/

