

I hacked Uber's website yesterday - uberhacked
http://thisshouldbefixed.com/2015/06/13/i-broke-uber/

======
Xylemon
The "Slip and Slide" bit gave me a good laugh. Interesting article, makes me
curious about what exploits I have on my own site.

~~~
uberhacked
Thank you for sharing your thoughts! I'm glad you enjoyed the article.
Kickstarter.com is my next target.

~~~
droope
Recommendation: stop being an idiot. With your skills you should be able to
land a job in security, and you'll actually make money instead of going to
jail like a dumbass.

------
nsx147
Some Uber intern probably made that form and didn't know what sanitizing
inputs was about. Good find - but easy fix. You usually can't get away with
XSS attacks anymore.

~~~
uberhacked
Uber told me they used WordPress to build their petition sites. Maybe other
WordPress sites are vulnerable?

~~~
noeltock
WordPress has plenty of functions to sanitize; the one who made the theme or
dropped in the form probably overlooked it.

