Wednesday, November 18, 2009
Major Kijiji.com security gap already?
Just hours after launching its new look, a big security hole has been discovered at US ad site Kijiji.com.
A Twitter user tweeted his Kijiji ad for a home for sale. But what he tweeted was not the ad -- it was the ad preview. A user was able to click the tweet, get into the ad, change it, and finally post it for public viewing.
And here's what came out:
How could this happen?
The new Kijiji.com footer has a big "SHARE" button in the bottom right-hand corner that can be accessed *while* posting an ad. So the poster, in this case, obviously SHARED the preview page. There's no security at that point, other than a CAPTCHA, to prevent whoever goes to that page from editing the ad and posting it.
Score a "day one suck" for Kijiji.com.
PS: The ad poster has been notified via Twitter that his/her ad needs attention.
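The gap described above comes down to a missing ownership check on an unpublished ad. As an added example (not Kijiji's code; the in-memory store, function names and session ids are hypothetical), this Python code puts a handler that accepts anyone holding the preview link and a solved CAPTCHA beside one that also requires the session that created the draft, and offers a share link only once the ad is public.

```python
import hmac
import secrets

# Constructed in-memory store standing in for the ad database (hypothetical).
DRAFTS = {}

def create_draft(session_id, text):
    """Create an unpublished ad and bind it to the poster's session."""
    draft_id = secrets.token_urlsafe(8)
    DRAFTS[draft_id] = {"owner": session_id, "text": text, "published": False}
    return draft_id

def _get(draft_id):
    draft = DRAFTS.get(draft_id)
    if draft is None:
        raise KeyError("no such draft")
    return draft

def edit_and_publish_weak(draft_id, new_text, captcha_ok):
    """Behaviour the post describes: the preview URL plus a CAPTCHA is enough."""
    draft = _get(draft_id)
    if not captcha_ok:
        raise PermissionError("captcha failed")
    draft.update(text=new_text, published=True)
    return draft

def edit_and_publish_checked(draft_id, new_text, captcha_ok, session_id):
    """Hardened form: the caller's session must be the one that created the draft."""
    draft = _get(draft_id)
    if not captcha_ok:
        raise PermissionError("captcha failed")
    # A CAPTCHA only shows a human is present, not that it is the poster.
    if not hmac.compare_digest(draft["owner"], session_id):
        raise PermissionError("not the owner of this draft")
    draft.update(text=new_text, published=True)
    return draft

def share_url(draft_id):
    """Only offer a shareable link once the ad is public; drafts get none."""
    draft = _get(draft_id)
    return f"/ads/{draft_id}" if draft["published"] else None
```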

This post was written by: Gord McCord
Gord McCord, webmaster at You Suck at Kijiji, makes fun of funny things on Kijiji. Do not take him too seriously. Also do not take yourself too seriously.