How I Hacked Habrahabr
I didn’t have an invite a few days ago, but on Habré I was a frequent person and went here on my account.
A few days ago, I clicked on "Registration", instead of "Login" and saw in front of me the registration form on Habrahabr. "But what if?" - I thought - and began to introduce an XSS vulnerability test in each registration field.
And here it is! It happened! Vulnerability was detected in the E-Mail field. E-mail was checked for correctness after moving to the next field. There was no filtering in the E-Mail input field, so a message with a one appeared.
At first I decided to do some dirty work through vulnerability, but then I changed my mind and unsubscribed to tech support.
It was:
It became:
At the moment, the vulnerability is closed, but I have an invite.
A few days ago, I clicked on "Registration", instead of "Login" and saw in front of me the registration form on Habrahabr. "But what if?" - I thought - and began to introduce an XSS vulnerability test in each registration field.
And here it is! It happened! Vulnerability was detected in the E-Mail field. E-mail was checked for correctness after moving to the next field. There was no filtering in the E-Mail input field, so a message with a one appeared.
At first I decided to do some dirty work through vulnerability, but then I changed my mind and unsubscribed to tech support.
It was:
It became:
At the moment, the vulnerability is closed, but I have an invite.