Reply to post: Re: Kudos to all involved

Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass

maffski

Re: Kudos to all involved

Although maybe no Kudos to the dev(s) who failed to confirm they were checking the authority of any access and to the tester(s) who failed to try and access it without the correct authority.

I'd be pushing 'yaqs' back into the testing team for a full going over - if they didn't bother with even the basic authorisation checking, did they validate query strings and form fields for tampering?
