Test Guide

Making the invisible visible since 1987

This Blog

Syndication

Search

News

The stylized braids and "Helping your team reach its full potential" are trademarks, thank you very much.

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/ info/cpyright.htm.

My blogroll

Sumit Kalra's Favorite Bug

Our application (web based) is built in .Net and Infragistics. It has 6 modules. One module is similar to product management, in this we need to enter product title, product details, etc. Newly created product names appear on the homepage. So while testing, in the "Product Title" field I entered this text: <script>alert ("test")</script> and then I saved the Products page. After saving an alert popup with text "test" appeared. And when I went to the homepage, the product name was not appearing but a popup with text "test" appeared. Whenever any user goes to the homepage, an alert popup appears. Then I insert a for loop in the product title and now the popup appeared 5 times. It was quite irritating =)

This is my favorite bug. Actually it is a security loophole (cross side scripting). Here one can call malicious scripts also.

-- Sumit Kalra

Do you have a bug whose story you love to tell? Let me know!

Published Thursday, August 27, 2009 4:30 PM by micahel

Filed under: Favorite Bug

Comments

# re: Sumit Kalra's Favorite Bug @ Wednesday, September 02, 2009 9:36 PM

Try a while(true) { window.open("url of this page"); }

That's *really* irritating. :D

Trisherino

New Comments to this post are disabled