The URL to the defect below was emailed to me earlier today. Yes, this is an actual live site. Where do I start?

Can you say "hack me"? This is a security issue (Severity 1). You can't let this stuff bubble up to the user! With the information provided, it wouldn't be too hard to figure out the whole schema and start doing some evil things.
How could they have prevented this? This kind of issue could have been caught with security standards, unit tests, and good ol' functional testing.
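
One way such a functional test could look, as an added example (not code from the site or from this post): it assumes the leaked details came from a database error, and the SQLite schema, query and handler names are constructed for illustration. The test reads every table and column name from the catalog and fails if any of them shows up in an error response.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("app.errors")
SCHEMA = "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT)"  # constructed
QUERY = "SELECT id, email, last_login FROM customers"  # last_login does not exist


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def leaky_handler(conn):
    # The "before": exception text and the SQL are echoed to the user.
    try:
        return 200, str(conn.execute(QUERY).fetchall())
    except sqlite3.Error as exc:
        return 500, f"{type(exc).__name__}: {exc} in [{QUERY}]"


def safe_handler(conn):
    # Detail goes to the server log; the user gets only a reference id.
    try:
        return 200, str(conn.execute(QUERY).fetchall())
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:12]
        log.exception("query failed ref=%s sql=%s", ref, QUERY)
        return 500, f"Something went wrong. Reference: {ref}"


def schema_identifiers(conn):
    # Every table and column name in the database, read from the catalog.
    names = set()
    tables = conn.execute("SELECT name FROM sqlite_master WHERE type='table'")
    for (table,) in tables.fetchall():
        names.add(table)
        for col in conn.execute(f'PRAGMA table_info("{table}")'):
            names.add(col[1])
    return names


def leaked_terms(conn, body):
    # Functional-test check: which internals appear as words in a response?
    markers = schema_identifiers(conn) | {"SELECT", "Traceback", "OperationalError"}
    return sorted(m for m in markers if re.search(rf"\b{re.escape(m)}\b", body, re.I))
```

Run `leaked_terms` against the body of every error path in the functional test suite and fail the build when it returns anything.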