Research: Remarkable 2nd order XSS @ Amazon or How to hack Amazon with a book
Best security hole ever: author publishes JavaScript exploit in his book. Amazon puts book text online without sanitizing the code. Web browsers then run the code, which is a Bad Thing. (via Les Orchard’s shared Google Reader thingy)
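The failure described above, sketched as an added example (not code from Amazon, the book, or the linked research). The function names, the in-memory catalogue and the sample excerpt are assumptions constructed for illustration. Stored book text is rendered once by plain concatenation and once with output encoding, and a small check flags active markup in the result.

```javascript
// In-memory stand-in for the store that holds digitised book text (assumption).
const catalogue = new Map();

// Ingestion keeps the author's text verbatim. Nothing runs here, which is why
// the problem is "second order": the damage happens later, at render time.
function ingestBook(id, title, text) {
  catalogue.set(id, { title, text });
}

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Unsanitized rendering: stored text is pasted straight into the page,
// so any markup printed in the book becomes markup in the browser.
function renderPreviewUnsafe(id) {
  const { title, text } = catalogue.get(id);
  return `<h1>${title}</h1><div class="excerpt">${text}</div>`;
}

// Hardened rendering: every stored field is encoded at the point of output.
function renderPreviewSafe(id) {
  const { title, text } = catalogue.get(id);
  return `<h1>${escapeHtml(title)}</h1><div class="excerpt">${escapeHtml(text)}</div>`;
}

// Regression check for rendered pages: true if a script tag or an inline
// event-handler attribute survived into the HTML.
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed sample: a code listing as it might be printed in a security book.
ingestBook(
  "b1",
  "Web Security <Examples>",
  'Listing 3: <script>alert("book")</script> and <img src=x onerror="alert(1)">'
);

console.log("unsafe page has active markup:", containsActiveMarkup(renderPreviewUnsafe("b1")));
console.log("safe page has active markup:  ", containsActiveMarkup(renderPreviewSafe("b1")));
```

The stored text is left untouched in both cases. Only the output step differs, so the listing still reads correctly to someone viewing the excerpt.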