mailing list archives
JS embedding @ www.reed.co.uk
From: "elaborate ruse" <elaborateruse () trust-me com>
Date: Tue, 26 Mar 2002 17:15:34 -0600
Title: JS embedding @ www.reed.co.uk
Author: elab (http://elaboration.8bit.co.uk)
Problem: Improper input validation during sign up process allows users to
Vendor Status: Contacted on: 17:00 GMT 14 March 02
Response: Within 2 hours
Due to improper input validation users are able to insert/embed
Once the registration process is complete viewing the user's
profile will download and execute the embedded JS.
The problem was fixed by the vendor within 5 working days of
it being reported.
form they are be redirected to an error page.
The vendor was contacted on 17:00 GMT 14 March 02 via an online
contact form and replied within 2 hours with a professional and
Official vendor response:
"We are happy to acknowledge the part elab played in alerting
us to an absence of validation on one of our site's forms.
Although this was never exploited, and has now been corrected
on the site, we are most grateful to elab for pointing it out".
Credit is given to the vendor for handling this issue in the
Free email with personality! Over 200 domains!
- JS embedding @ www.reed.co.uk elaborate ruse (Mar 27)