Hacker News
by cesarb 67 days ago
> Five minutes later, I check and it had found a /cancel.php URL that accepted an ID but the ID wasn't exposed anywhere, so it found and was exploiting a blind SQL injection vulnerability to find my reservation ID.

xkcd was prescient once again... https://xkcd.com/416/

1 comment

Hell, this one time, my AI assistant hacked itself trying to book an appointment for me!