Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
July 11, 2016 04:00 pm

Hacker Finds Bug to Edit or Delete Any Medium Post

Joseph Cox, reporting for Motherboard: Medium has become the go-to home for extended blog posts from researchers, CEOs, and even the President of the United States. Now, one hacker has found a way to edit or delete any post on the publishing platform. "I tried to think of different possibilities or testing cases on how can I delete a story of any user. And fortunately, I found a severe bug," Philippines-based freelance penetration test and bug bounty hunter Allan Jay Dumanhug told Motherboard in an email. The trick, Dumanhug explained in a blog post published at the end of last month, centres around Medium's "Publications" feature. Users can create their own publications -- perhaps a page dedicated to infosec news, for example -- and then request to add other users' posts to it. Each post on Medium is given its own unique, 12-character identifier code. The person who authored the post has to approve that request, otherwise their story doesn't go anywhere. But Dumanhug found that while adding his own story to his own publication, he could intercept the HTTP request and simply change the identifier to that of another post.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/bB0XCohDbsY/hacker-finds-bug-to-edit-or-delete-any-medium-post

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot