Community
Interesting read on The Register about a cross site scripting bug on Worldpay. Then a lot of comment about whether it was fixed quickly enough!
Amateur security sleuth Adam Grit spotted the loophole last month and found it allowed him to inject custom javascript code. He could then intercept all the sensitive information that users had typed onto a Worldpay payment page.
He tested it on their live site and confirmed it worked - and then emailed them the details of the problem. He apparently got no response.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Nkiru Uwaje Chief Operating Officer at Mansa
12 September
Alexander Boehm Chief Executive Officer at PayRate42
Hugo Chamberlain COO at smartKYC
Carlo R.W. De Meijer Owner and Economist at MIFSA
11 September
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.