
Eric executed actual attacks against all the projects mentioned in the article. Most of them resulted in data corruption (e.g., making a page unviewable by setting a non-existent user ID) but on one he was able to change his order status to "paid".


