Comments on Jeremiah Grossman: QVC Business Logic Flaw nets scammer $412,000
Feed updated: 2024-02-08T03:44:23.780-08:00
Author: Jeremiah Grossman (http://www.blogger.com/profile/05017778127841311186)

Anonymous, 2008-03-26T07:39:00.000-07:00
Captcha bypass test

Anonymous, 2008-01-29T04:49:00.000-08:00
Captcha bypass test

Anonymous, 2007-12-10T14:31:00.000-08:00
Captcha bypass test!!!!

Jeremiah Grossman, 2007-11-05T14:36:00.000-08:00
kingthorin> are you kidding!? MustLive is persistent! :)

ory> I'd go with 5 9's. 99.999% :)

And dammit, stop posting my software roadmap!

Anonymous, 2007-11-05T14:06:00.000-08:00
asdfsdf

Anonymous, 2007-11-05T13:39:00.000-08:00
I think that 99% of the people wouldn't have spotted this vulnerability during a manual assessment, since it requires an actual order, a cancellation, and then a wait period to receive the product...not very likely to be spotted by the average joe pentester.

On the other hand, this is very simple to automate using a web application scanner and an RS-232 cable connected to your mailbox via your standard mailbox2computer interface ;-)

Awesome hack though...

Anonymous, 2007-11-05T12:21:00.000-08:00
You'd think he'd be over that by now.

Anonymous, 2007-11-05T11:18:00.000-08:00
Captcha bypass test