I started this blog as an experiment, and as a small sideline challenge (to discover a vulnerability on the IJJI site every day for a month), but as I look back, I seem to have made numerous errors.
Each post should be focusing on a different script. My early posts focused on polls, which all used the same script:
http://event.ijji.com/poll.nhn
The only difference in each disclosure was the poll name, which did return different data, but shouldn’t have been posted seperately, as it wasn’t a new script.
Scripts on different subdomains are allowed though, as subdomains are seen a different hostnames according to the same origin policy (which is important for an attack).
Advertisement
