Coding errors expose hidden area of BT site
PrintBreeches unbuttoned
Posted in Enterprise Security, 2nd October 2007 12:43 GMT
Free whitepaper – Vulnerability management buyer's checklist
Coding errors on BT's price calculator website have left 'hidden' web areas of the site exposed.
Users visiting the call price calculator may be surprised to see the other options on their sidebar and the "you are here" section.
Options include "Cat_HiddenArea", "Cat_HiddenPlaypen" and "Topic_HiddenTest". These diverting-sounding areas actually don't contain much of interest. One page is unavailable, another contains boilerplate text in Latin and the final page "Topic_HiddenTest" gives info to BT's Digital Vault while popping up a login for staging.bt.com. We're not quite sure why.
Altogether it could be a lot worse. BT's made the coding equivalent of neglecting to zip up on leaving the bathroom.
"No significant security breaches, just bad PR and lazy web discipline", notes Reg reader Matthew Johns, who we're grateful to for passing on the tip. ®
Free whitepaper – Vulnerability management buyer's checklist
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Enabling the Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive