Hacker News
by
nsx147
4019 days ago
Some Uber intern probably made that form and didn't know what sanitizing inputs was about. Good find - but easy fix. You usually can't get away with XSS attacks anymore.
1 comments
uberhacked
4019 days ago
Uber told me they used WordPress to build their petition sites. Maybe other WordPress sites are vulnerable?
noeltock
4019 days ago
WordPress has plenty of functions to sanitize; the one who made the theme or dropped in the form probably overlooked it.
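The oversight described in the last comment, as an added example that is not part of the thread and not Uber's code: a hypothetical WordPress shortcode for a petition form, with the unescaped echo beside a version that uses WordPress's own sanitizing and escaping functions. The plugin name, shortcode name, field names and nonce action are assumptions made for illustration.

```php
<?php
/*
 * Plugin Name: Petition Form Example (hypothetical, constructed for illustration)
 */

// Overlooked pattern: the submitted value goes back into the page as-is,
// so any markup it contains is interpreted by the visitor's browser.
function petition_form_unsafe() {
    $name = isset( $_POST['signer_name'] ) ? $_POST['signer_name'] : '';
    return '<p>Thanks for signing, ' . $name . '!</p>';
}

// Hardened pattern: verify the nonce, sanitize on input, escape on output.
function petition_form_safe() {
    $out = '';
    if ( isset( $_POST['signer_name'], $_POST['petition_nonce'] ) ) {
        $nonce = sanitize_text_field( wp_unslash( $_POST['petition_nonce'] ) );
        if ( wp_verify_nonce( $nonce, 'petition_sign' ) ) {
            // sanitize_text_field() strips tags, line breaks and extra whitespace.
            $name  = sanitize_text_field( wp_unslash( $_POST['signer_name'] ) );
            $email = isset( $_POST['signer_email'] )
                ? sanitize_email( wp_unslash( $_POST['signer_email'] ) )
                : '';
            // esc_html() encodes <, >, & and quotes for an HTML text context.
            $out .= '<p>Thanks for signing, ' . esc_html( $name ) . '!</p>';
            if ( is_email( $email ) ) {
                $out .= '<p>Signed as ' . esc_html( $email ) . '.</p>';
            }
        } else {
            $out .= '<p>Your session expired, please submit the form again.</p>';
        }
    }
    // wp_nonce_field() with $display = false returns the hidden fields as a string.
    $out .= '<form method="post">'
        . wp_nonce_field( 'petition_sign', 'petition_nonce', true, false )
        . '<input type="text" name="signer_name" value="">'
        . '<input type="email" name="signer_email" value="">'
        . '<button type="submit">Sign</button>'
        . '</form>';
    return $out;
}

// Only the hardened handler is registered; the unsafe one is kept for comparison.
add_shortcode( 'petition_form', 'petition_form_safe' );
```

Escaping at output with `esc_html()` is the step that stops the markup from rendering; sanitizing on input alone does not cover values that reach the template by another path.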