| Thread ID: 67086 | 2006-03-16 12:21:00 | Potential TradeMe exploit | b1naryb0y (3) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 438632 | 2006-03-16 12:21:00 | Have a look here (tinyurl.com). Screenshot (tinyurl.com). I have informed TradeMe of this. It will be interesting to hear what their response is. | b1naryb0y (3) | ||
| 438633 | 2006-03-16 19:52:00 | That's interesting. Thanks for the heads up. Will keep an eye out. | lazydog (148) | ||
| 438634 | 2006-03-17 00:03:00 | Has this been fixed? It looks like HTML entity characters are now being used, so it would not work, or if it still works, why isn't it being rendered correctly for me under Firefox 1.5.0.1? Cheers, Kame | Kame (312) | ||
| 438635 | 2006-03-17 00:10:00 | This is pretty serious; I'm surprised that TradeMe isn't paying attention to it. It seems their service has been a bit lackluster lately... | Neongreen (6358) | ||
| 438636 | 2006-03-17 00:48:00 | Yea, looks like they have done something as it's not doing it any more. (like in your screenshot) | CYaBro (73) | ||
| 438637 | 2006-03-17 01:59:00 | TradeMe have fixed the problem that could allow phishing attempts through embedded http utilising iframes. Someone could potentially have hosted a page offsite and passed itself off as genuine TradeMe code, with the intention to collect usernames and passwords, or at worst, credit card details. Though this has now been rectified, TradeMe pages can still be defaced, and could still allow someone to operate with criminal/immoral intent. See here (tinyurl.com) | b1naryb0y (3) | ||
| 438638 | 2006-03-17 03:14:00 | Ah, you have to love cross site scripting... Maybe they should just not allow any HTML/scripting code to be posted by users at all... | gibler (49) | ||