
December 15, 2010

Finding Security Bugs in Gawker Source Code

With the recent high-profile Gawker compromise, their entire source code and user database are available as a torrent. Some people have taken to cracking the (weak) password hashes, whilst others are looking for bugs in the source.

Mike Bailey has started Gawker Bug of the Day (@gawkerbugs), and will be disclosing security vulnerabilities in their source code… presumably for funsies.

GBOTD#1 is an XSS found in the first 3 lines of the first file:

According to Mike, he’s already found over 30 bugs after just a few hours of hunting.
