by nbpoole
5567 days ago
I disagree.

1. There are plenty of proof of concepts you can develop that don't destroy the page.

2. The Quora engineers in question didn't enter stuff into a textbox and leave it alone. They went and publicly disclosed a cross-site scripting vulnerability in a competitor's website.

Edit: Ben deleted his "answer" which disclosed the XSS. However, the comments on the answer are still accessible (for now) if anyone is curious about them: http://www.quora.com/Is-Qato-a-serious-Quora-clone-attempt/a...

Edit 2: Rick Ross posted a comment there I think is worth highlighting.

"In a way, we're grateful to these guys (Ben and Albert) for helping us close a hole. Their method of publicly vandalizing a test site and bragging about it is another matter. A simple email would have sufficed."