How I Hacked Habrahabr

    I didn’t have an invite a few days ago, but on Habré I was a frequent person and went here on my account.

    A few days ago, I clicked on "Registration", instead of "Login" and saw in front of me the registration form on Habrahabr. "But what if?" - I thought - and began to introduce an XSS vulnerability test in each registration field.

    And here it is! It happened! Vulnerability was detected in the E-Mail field. E-mail was checked for correctness after moving to the next field. There was no filtering in the E-Mail input field, so a message with a one appeared.

    At first I decided to do some dirty work through vulnerability, but then I changed my mind and unsubscribed to tech support.

    It was:

    It became:

    At the moment, the vulnerability is closed, but I have an invite.

    Also popular now: