Hacker News new | comments | ask | show | jobs | submit login

The non automatic version of this (with a appspot domain, not considered a bug, the guy logged in) has been used to discover the true identity of a guy who claimed to reveal insider info on Twitter about the French Socialist party (left - Partie Socialiste), he is a member of the opposite party UMP (right).

http://www.rue89.com/2010/09/30/comment-le-faux-twitter-du-p...




I found this[1] when playing with the Google Code Play Ground. Not really a vulnerability, but: i. it is on the appspot domain ii. I can do ANYTHING I want; make a site, force redirection iii. That's all I have

*They were notified a while back.

How they can fix it? i. Check ip of sender and receiver ii. Use htmlfill or append a new script instead.

[1] http://www.christopherwoodall.com/blog/?x=entry:entry100814-...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: