A British Company Forced To Change Its Name, Which Could Be Used to Attack Other Websites

1 year ago
A British company had to change the name of its website at the request of the UK trade register, after it was verified that the name could expose sites to cross-site scripting and be used to launch attacks against other websites.

A software engineer has changed the name of his company to 'THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD' after the UK commercial register, Companies House, warned him that the original name put other websites at risk, including that of this government agency.

The original name began with a quotation mark (") and an angle bracket (>), so websites that did not handle HTML code correctly would have treated the company name as blank and run a script from XSS Hunter, a page that locates errors in the code, as explained in The Guardian.

Similar names have been registered in the past, such as “; DROP TABLE “COMPANIES”;-- LTD”, a wry attempt to carry out an attack known as SQL injection, inspired by a famous XKCD webcomic, but this was the first such name to have prompted a response. Companies House has retroactively removed the original name from its data feeds, and all documentation referring to its original moniker now reads simply “Company name available on request”.

The risk lies in the possibility that a malicious actor could have used this vulnerability to execute code on other websites through cross-site scripting.
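The mechanism described above, shown from the side of a site that displays company names. This is an added example, not code from Companies House or from the article; the sample name, the placeholder host and the function names are constructed for illustration. It renders the same name into an HTML attribute with and without output escaping, then parses the result to show what a browser would see.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample, not the real registered name: it starts with "> as the
# article describes and points at a placeholder host.
NAME = '"><script src="https://example.invalid/x.js"></script> LTD'


def render_unsafe(name):
    """Vulnerable pattern: the name is concatenated into an attribute as-is."""
    return '<input name="company" value="' + name + '">'


def render_safe(name):
    """Hardened pattern: escape &, <, > and both quote characters on output."""
    return '<input name="company" value="' + escape(name, quote=True) + '">'


class _Audit(HTMLParser):
    """Records what an HTML parser sees in the rendered markup."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def audit(markup):
    """Return (list of start tags, value of the input field)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.value


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        tags, value = audit(render(NAME))
        print(render.__name__, "tags:", tags, "value:", repr(value))
```

With the unescaped rendering the field value parses as empty and a separate script element appears; with escaping the page contains a single input whose value is the full name as text.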

