Ask HN: Unsanitized query string on donaldjtrump.com
Hey all, I was poking around Donald Trump's website for security vulnerabilities and discovered this: http://shop.donaldjtrump.com/?search=%3Cscript%3Ealert%28%22%22%29;%3C/script%3E
Although it doesn't actually inject an XSS, it seems to confuse the server, taking it down for about 20 seconds. Any idea what is going on here?
2 comments
[ 3.1 ms ] story [ 12.3 ms ] threadEdit: No, you were right. It does take the server down. Weird.
It seems to be based on some product called Volusion.