Ask HN: Unsanitized query string on donaldjtrump.com

2 points by dkaoster ↗ HN
Hey all, I was poking around Donald Trump's website for security vulnerabilities and discovered this: http://shop.donaldjtrump.com/?search=%3Cscript%3Ealert%28%22%22%29;%3C/script%3E

Although it doesn't actually inject an XSS, it seems to confuse the server, taking it down for about 20 seconds. Any idea what is going on here?

2 comments

[ 3.1 ms ] story [ 12.3 ms ] thread
It is possible that that query is kicking off some extremely resource intensive search although that it really just a guess.
It looks like the server is just down. It might have been hugged to death due to people's reactions to the DNC.

Edit: No, you were right. It does take the server down. Weird.

It seems to be based on some product called Volusion.