IT department created a risk assessment system and asked us to fill out the form.

I found that the form is vulnerable to XSS and possibly SQL injection so I told them and their response was:

"Oh, shit. Please don't tell anyone!"

Of course, it never got fixed :/

  • 14
    You should use the risk assessment system to assess the risk of using the risk assessment system.
  • 6
    Tell.. EVERYONE!!!
  • 4
    Do what Google did to Microsoft... Give them 7 days to fix it before you tell people lol.
  • 0
    @owena that was a normal thing for Google. They give everyone 7 days for high security problems.
  • 1
    @Charmgoggles I know, but Microsoft wasn't very pleased lol
  • 1
    Yo dawg, we heard you like assessing risks...
