I found a huge, gaping hole in a piece of software we use in our office! Basically, it has what the security folks call an insecure direct object reference (a broken access control flaw), since by just changing a few numbers in the URL you can get at the data of other universities.
Even I, a relative tyro in the geek world, know this is really, really bad code.
That was pretty exciting, and I’m interested to see how this plays out…
Most interesting to me is taking apart how this works. Or, in our case, doesn’t work. Basically, it’s a web application sitting on top of a database. The dumb thing they did was to let the number in the URL be the only thing that decides what you get to see. In other words, we go to a specific URL (www.bogus.com/files/3456), the server takes the “3456” as a record ID, looks that record up, and shows us that page. But if a butterfingers like me types 3457, the server looks up record 3457 just as obligingly, and you get a whole different set of data.
That you shouldn’t be able to look at. At all.
One would have thought there would be a password check.
One would think, wouldn’t one?
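Here is what that lookup looks like in code, as an added example that is not part of the original post and not the vendor’s software. The “database” is a constructed in-memory table with made-up universities and file IDs; the session, the path prefix `/files/` and the function names are all assumptions for the demo. The vulnerable handler takes the number from the URL and returns whatever it finds; the hardened one only returns a record that belongs to the university the logged-in session is bound to. The last function walks a range of IDs the way the post describes, just changing the number, and reports which ones leaked another tenant’s record.

```python
"""Insecure direct object reference (IDOR) demo: a record lookup keyed only on
the number in the URL, beside the same lookup with an ownership check.
All data and names below are constructed for the example."""

# Constructed in-memory "database": file id -> record. The "university" field
# is the tenant that owns the record.
FILES = {
    3456: {"university": "Eastside U", "title": "Eastside enrollment figures"},
    3457: {"university": "Westside U", "title": "Westside budget"},
    3458: {"university": "Eastside U", "title": "Eastside staff list"},
    3459: {"university": "Northside U", "title": "Northside audit"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested record."""


def parse_file_id(path: str) -> int:
    """Extract the numeric id from a path like '/files/3456' (assumed layout).

    Rejects anything that is not '/files/<digits>' so a malformed path never
    reaches the database lookup."""
    prefix = "/files/"
    if not path.startswith(prefix):
        raise ValueError(f"unexpected path: {path!r}")
    tail = path[len(prefix):]
    if not tail.isdigit():
        raise ValueError(f"file id must be numeric: {tail!r}")
    return int(tail)


def vulnerable_get_file(session: dict, path: str) -> dict:
    """The broken version: looks the record up by id and returns it.
    The session is accepted but never consulted, so anyone who can reach the
    URL can read any id, including another university's records."""
    file_id = parse_file_id(path)
    record = FILES.get(file_id)
    if record is None:
        raise KeyError(file_id)
    return record


def secure_get_file(session: dict, path: str) -> dict:
    """The fixed version: same lookup, but the record is only returned if it
    belongs to the university the authenticated session is bound to."""
    if "university" not in session:
        raise Forbidden("not authenticated")
    file_id = parse_file_id(path)
    record = FILES.get(file_id)
    # Same error for "does not exist" and "not yours", so the response does
    # not tell a prober which ids are valid.
    if record is None or record["university"] != session["university"]:
        raise Forbidden(f"file {file_id} is not accessible to this session")
    return record


def enumerate_leaks(getter, session: dict, start: int, stop: int) -> list:
    """Walk ids start..stop-1 the way the post describes (just change the
    number in the URL) and return the ids that came back with another
    tenant's record."""
    leaked = []
    for file_id in range(start, stop):
        try:
            record = getter(session, f"/files/{file_id}")
        except (Forbidden, KeyError):
            continue
        if record["university"] != session["university"]:
            leaked.append(file_id)
    return leaked


if __name__ == "__main__":
    # Constructed session for a user at Eastside U.
    eastside = {"user": "alice", "university": "Eastside U"}
    print("vulnerable:", enumerate_leaks(vulnerable_get_file, eastside, 3456, 3460))
    print("secure:    ", enumerate_leaks(secure_get_file, eastside, 3456, 3460))
```

One thing worth noticing: a password check on its own would not close this hole. Logging in only proves who you are; the bug is that, once in, the server never asks whether the record you typed belongs to you. The fix is the ownership check in `secure_get_file`, done on the server against the session, on every request. Making the IDs random instead of sequential makes guessing harder but is not a substitute for that check.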
Fortunately, I don’t have malicious intent, but there are a whole lot of people out there who do… so I’m guessing a bunch of web guys on the west coast are burning some late hours tonight.