A company was forced to change its name because it could trigger an XSS attack

The name “><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD” turned out to be dangerous for sites that do not handle HTML properly.


In the past, some organizations have put lines of code in their names as a joke, but at least one of them has had to change its name. According to The Guardian, UK Companies House forced a consulting company to change its name after it became known that the name could be used to carry out XSS attacks on vulnerable pages, including those of Companies House itself. As it turned out, just by mentioning the name of the company, the regulator's website could inadvertently compromise itself. Not a very convenient situation for a government agency that initially approved the problematic name.

The name in question is “><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD”, which is dangerous for sites that do not handle HTML properly. Such sites may decide that the company name field is empty and run the script from the XSS Hunter site. The script is quite harmless and just displays a warning, but Companies House considered that enough to oblige the company to change its name. It is now called “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD”. According to Companies House representatives, they have taken measures to prevent similar situations in the future.
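How the name behaves when a page writes it into a form field without output encoding, and how escaping neutralises it, shown as an added example that is not part of the original article. The `<input>` template and the function names are hypothetical, and the leading double quote in the sample name is an assumption.

```python
from html import escape
from html.parser import HTMLParser

# Company name reported on the page. The leading double quote is an assumption:
# the page's typography leaves it ambiguous whether it belongs to the name.
NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD'

TEMPLATE = '<input name="company" value="{}">'  # hypothetical form field


def render_unsafe(name):
    """Interpolate the name into the attribute with no output encoding."""
    return TEMPLATE.format(name)


def render_safe(name):
    """Encode &, <, > and both quote characters before interpolation."""
    return TEMPLATE.format(escape(name, quote=True))


class _Collector(HTMLParser):
    """Records every start tag and its attributes as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup):
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def injected_tags(markup):
    """Any element other than the single expected <input> is injected markup."""
    return [tag for tag, _ in parse_tags(markup) if tag != "input"]


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        html_out = render(NAME)
        print(render.__name__, "->", html_out)
        print("  tags:", parse_tags(html_out))
```

In the unescaped output the parser sees an `<input>` whose value is empty followed by a separate `<script>` element, which is the "empty company name field" behaviour described above; in the escaped output the whole name stays inside the attribute value.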

It's funny to see how a joke name containing code can cause an avalanche of problems. However, this situation is also an example of how fragile Internet security can be. If chaos can be caused with nothing more than an unusual name, then site owners have a lot of work to do before they can be sure that they are safe.

