[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[ic] example of bad web programming

To: interchange-users@developer.akopia.com
Subject: [ic] example of bad web programming
From: Doug Alcorn <doug@lathi.net>
Date: Thu May 31 18:19:01 2001
List-Archive: <http://lists.akopia.com/pipermail/interchange-users/>
List-Help: <mailto:interchange-users-request@lists.akopia.com?subject=help>
List-Id: Interchange Users (high volume) <interchange-users.lists.akopia.com>
List-Post: <mailto:interchange-users@lists.akopia.com>
List-Subscribe: <http://lists.akopia.com/mailman/listinfo/interchange-users>,<mailto:interchange-users-request@lists.akopia.com?subject=subscribe>
List-Unsubscribe: <http://lists.akopia.com/mailman/listinfo/interchange-users>,<mailto:interchange-users-request@lists.akopia.com?subject=unsubscribe>
Reply-To: interchange-users@lists.akopia.com
Sender: interchange-users-admin@lists.akopia.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Solid Vapor)

This isn't exactly on topic, but was so funny I had to put up a link
somewhere. :)

https://online.bankone.com/bank/bolLogin.asp?bolErrorMsgStr=This+is+Stupid+I+Think

This is a legitimate web site.  It is actually bankone.com.  The
foible is that they allow an arbitrary text message to be put in the
url.  I don't think there's any real way to exploit this, per se.
However, it just stinks to me as bad design.

As an asside, I wonder if there's a way to force a buffer overflow
with this?
-- 
 (__) Doug Alcorn (mailto:doug@lathi.net http://www.lathi.net)
 oo / PGP 02B3 1E26 BCF2 9AAF 93F1  61D7 450C B264 3E63 D543
 |_/  If you're a capitalist and you have the best goods and they're
      free, you don't have to proselytize, you just have to wait.

Prev by Date: Re: [ic] Redhat ftpd problem hurting my IC use
Next by Date: [ic] [perl] tag question
Prev by thread: Re: [ic] Redhat ftpd problem hurting my IC use
Next by thread: [ic] losing modifiers on checkout (upgrade from 4.6 to 4.7)
Index(es):
- Date
- Thread