Today I found two different kinds of vulnerability on http://www.wordreference.com.
As you know, WordReference is one of the most important free dictionaries on the net, and thanks to it I've learned a little English; for this reason I won't post real examples of how to exploit it, but will just show a proof of concept.
The first vulnerability is a classic SQL injection, while the second one is a classic buffer overflow on an arithmetic operation.

First of all, look up a really common word such as "a": you'll get a lot of translations, and at the end of the page you'll find the "next 100" link, as the following image shows.
Click this link and look at the URL bar; you'll see something like this:
Try changing the "start" parameter to the value "-1", and here we go! You should see this:
But that's not all: if you also put in a long string, in order to overflow the pointer, like the following one
you'll see another error like the following one:
This is another example of bad input checking... Maybe a lot of these problems could be solved just by putting a proper input check inside the application.
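As an added illustration (not code from the original post or from the site), this is the kind of input check the post calls for: a handler for the "start" pagination parameter that rejects a negative value or an over-long string before it reaches the query or the arithmetic behind the "next 100" link, and binds the remaining values as parameters instead of building the SQL by string concatenation. The table layout, column names and the MAX_START bound are assumptions constructed for the example, and sqlite3 stands in for the site's real database.

```python
import re
import sqlite3

PAGE_SIZE = 100       # the page shows results 100 at a time ("next 100")
MAX_START = 100_000   # assumed upper bound on the pagination offset
START_RE = re.compile(r"[0-9]{1,6}")   # only a short run of ASCII digits passes

def parse_start(raw):
    """Turn the raw 'start' query parameter into a safe integer offset.
    Rejects anything that is not a short run of ASCII digits, so neither a
    negative value nor an over-long string reaches the SQL layer or the
    arithmetic that builds the 'next 100' link."""
    if raw is None or raw == "":
        return 0
    if not START_RE.fullmatch(raw):
        raise ValueError("start: must be 1-6 ASCII digits")
    value = int(raw)
    if value > MAX_START:
        raise ValueError("start: exceeds maximum offset")
    return value

def is_valid_start(raw):
    """True if parse_start() accepts the value, False if it rejects it."""
    try:
        parse_start(raw)
        return True
    except ValueError:
        return False

def lookup(conn, word, raw_start):
    """Paginated lookup with every user-controlled value bound as a parameter.
    Returns (translations, offset to use in the 'next 100' link)."""
    start = parse_start(raw_start)
    rows = conn.execute(
        "SELECT translation FROM entries WHERE word = ? "
        "ORDER BY id LIMIT ? OFFSET ?",
        (word, PAGE_SIZE, start),
    ).fetchall()
    next_start = min(start + PAGE_SIZE, MAX_START)   # bounded, cannot overflow
    return [r[0] for r in rows], next_start

def demo_db():
    """Constructed in-memory dictionary table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, word TEXT, translation TEXT)")
    conn.executemany("INSERT INTO entries (word, translation) VALUES (?, ?)",
                     [("a", f"translation {i}") for i in range(250)])
    return conn
```

With this in place, "-1" and a long digit string are refused with a clean error instead of reaching the database or the offset arithmetic.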