That said, I just revisited and found that indeed, they did find a bug that allowed them to inject arbitrary javascript via poor input validation on the part of the web designer :-/
On Tue, 26 May 2020 at 15:15, Anthony <[email protected]> wrote: > I got one of those for a company I look after awhile ago. > > The one I got appeared to be from a recent IT school graduate armed with > Google + whois client. > > On Sun, 24 May 2020 at 15:01, Russell Coker via luv-main < > [email protected]> wrote: > >> https://www.openbugbounty.org/reports/1170432/ >> >> Is this some kind of scam? The web page in question is a static page >> with an >> embedded Google search field. Unless there's a problem with the Google >> search >> (which would probably be more of a problem for Google than for me) then I >> can't imagine what the issue might be. >> >> Details aren't provided, presumably they want me to pay for that. >> >> -- >> My Main Blog http://etbe.coker.com.au/ >> My Documents Blog http://doc.coker.com.au/ >> >> >> >> _______________________________________________ >> luv-main mailing list >> [email protected] >> https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main >> >
_______________________________________________ luv-main mailing list [email protected] https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
