Coding errors expose hidden area of BT site
PrintBreeches unbuttoned
Posted in Software & Security, 2nd October 2007 12:43 GMT
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Coding errors on BT's price calculator website have left 'hidden' web areas of the site exposed.
Users visiting the call price calculator may be surprised to see the other options on their sidebar and the "you are here" section.
Options include "Cat_HiddenArea", "Cat_HiddenPlaypen" and "Topic_HiddenTest". These diverting-sounding areas actually don't contain much of interest. One page is unavailable, another contains boilerplate text in Latin and the final page "Topic_HiddenTest" gives info to BT's Digital Vault while popping up a login for staging.bt.com. We're not quite sure why.
Altogether it could be a lot worse. BT's made the coding equivalent of neglecting to zip up on leaving the bathroom.
"No significant security breaches, just bad PR and lazy web discipline", notes Reg reader Matthew Johns, who we're grateful to for passing on the tip. ®
Free whitepaper – Managing desktop software for fun and profit
Enabling the Agile Data Center
Straight Talk with Dell: Sending out an SaaS
The business value of SIP VoIP and trunking
New storage architectures make SSDs more cost-effective
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs