Blog article
See all stories ยป

RBS fix vulnerability in WorldPay site

Interesting read on The Register about a cross site scripting bug on Worldpay. Then a lot of comment about whether it was fixed quickly enough!

Amateur security sleuth Adam Grit spotted the loophole last month and found it allowed him to inject custom javascript code. He could then intercept all the sensitive information that users had typed onto a Worldpay payment page.

He tested it on their live site and confirmed it worked - and then emailed them the details of the problem. He apparently got no response.


Comments: (0)

Now hiring