
Ask HN: Unsanitized query string on donaldjtrump.com - dkaoster
Hey all, I was poking around Donald Trump's website for security vulnerabilities and discovered this: http://shop.donaldjtrump.com/?search=%3Cscript%3Ealert%28%22%22%29;%3C/script%3E

Although it doesn't actually inject an XSS, it seems to confuse the server, taking it down for about 20 seconds. Any idea what is going on here?
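Added example, not part of the thread or of the site in question: it decodes the `search` parameter from the URL quoted above, contrasts a hypothetical results template that reflects the term verbatim with the same template after HTML escaping, and runs a small check over constructed access-log lines to flag requests whose query string carries script markup. The template functions, the log lines, and the HTTP status codes in them are assumptions made for illustration; nothing about the real server's behaviour is known beyond what the post states.

```python
"""Decode the reported query, show safe vs. unsafe reflection, and flag
script markup in request logs. Example code added to the thread; the
templates and log lines are constructed, not observed."""
import html
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# The URL as quoted in the post; the only external identifier used here.
REPORTED_URL = ("http://shop.donaldjtrump.com/"
                "?search=%3Cscript%3Ealert%28%22%22%29;%3C/script%3E")


def search_param(url: str) -> str:
    """Return the percent-decoded value of the `search` query parameter.

    Pairs are split on '&' only, so a ';' inside the value (as in the
    reported URL) is kept as part of the search term.
    """
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "search":
            return unquote_plus(value)
    return ""


def render_results_unsafe(term: str) -> str:
    """Hypothetical template that reflects the term without encoding (the defect)."""
    return f"<h1>Results for {term}</h1>"


def render_results_safe(term: str) -> str:
    """Same hypothetical template with HTML-context escaping applied to the term."""
    return f"<h1>Results for {html.escape(term, quote=True)}</h1>"


# Matches an opening or closing <script> tag in decoded text.
SCRIPT_MARKUP = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def query_has_script_markup(request_target: str) -> bool:
    """True if the decoded query string of a request target contains a script tag."""
    query = urlsplit(request_target).query
    return bool(SCRIPT_MARKUP.search(unquote(query)))


# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Jul/2016:10:00:01 +0000] "GET /?search=hats HTTP/1.1" 200 5120
203.0.113.9 - - [27/Jul/2016:10:00:02 +0000] "GET /?search=%3Cscript%3Ealert%28%22%22%29;%3C/script%3E HTTP/1.1" 500 0
203.0.113.7 - - [27/Jul/2016:10:00:03 +0000] "GET /products/123 HTTP/1.1" 200 8800
"""

# Extracts the request target and the status code from a log line.
LOG_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def flag_script_requests(log_text: str) -> list:
    """Return (request_target, status) for lines whose query contains script markup."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if m and query_has_script_markup(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits


if __name__ == "__main__":
    term = search_param(REPORTED_URL)
    print("decoded term:", term)
    print("unsafe:", render_results_unsafe(term))
    print("safe:  ", render_results_safe(term))
    for target, status in flag_script_requests(SAMPLE_LOG):
        print(f"flagged {target} -> HTTP {status}")
```

The escaped form is what a search page should emit when it echoes the term back into HTML; the log check pairs each flagged request with its response status, which is the quickest way to see whether such requests correlate with server errors like the outage described in the post.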
======
tpro
It is possible that that query is kicking off some extremely resource
intensive search, although that is really just a guess.

------
smt88
It looks like the server is just down. It might have been hugged to death due
to people's reactions to the DNC.

Edit: No, you were right. It does take the server down. Weird.

It seems to be based on some product called Volusion.

