Responsible Disclosure: Content Injection flaw in Gett's Website
By @edent

Bit of a boring write-up, but here we go. Taxi app Gett had a content injection flaw in its search function. By searching for an HTML string, it was possible for an attacker to add links or images to a page. It was really hard to contact them - but the threat of media attention […]
Continue reading →