Press "Enter" to skip to content

Great Britain: Company name prohibited due to security vulnerability


A British company had to change its company name because it could inject code into websites.

/div>

source code of a web page
(Picture: Pexels/Pixabay)

<BANNERS..

The British authority Companies House, which is responsible for the local commercial register, has forced a company to change its name, as it may pose a security risk. The company name consisted of HTML code, which was structured like a classic cross-site scripting attack (XSS) and could allow the execution of Javascript code in the context of a website – including the website of the British authority.



he did not choose the company name to attack the Companies House website, but rather thought it was “a funny, playful name” for his consulting firm, the company founder the British newspaper Guardian explained. However, one can hardly imagine that with the original company name:

<

“><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD

If the HTML code, nothing else is the company name, is not properly validated and output in an HTML element in a web page, a script from the URL in the company name is executed in the context of the web page. The Guardian writes that the stored script has only issued a harmless warning. However, it could have been used for attacks at a later time.

Now the company has been renamed to “That Company whose Name used to contain HTML Script Tags LTD”. It is not the first time that a company name contains code, so the company name “; DROP TABLE “COMPANIES”;– LTD” should delete contents of the database using an SQL command. However, according to the Guardian, the companies were not forced to change their names. On the website of the authority, Companies House, instead of the name, the Guardian simply displays “Name of company available on request”.

<

.formatted { position: relative; }
figure#mzjelkitdfg { position: absolute; top: 0; left: 0; display: block; width: 100%; height: 100%; z-index: 1000; margin: 0 -150px; border-left: 150px solid #fff; border-right: 150px solid #fff; background-color: white; background-image: linear-gradient(#f2f2f2 60%, white 40%); background-size: 10px 28px;
}
figure#mzjelkitdfg > figcaption { display: table; margin: 28px auto; width: 400px; padding: 28px 20px; background color: white;
}
figure#mzjelkitdfg > figcaption > ul { list-style: disc; margin: 8px 0 8px 16px;
}
figure#mzjelkitdfg > figcaption > ul > li,
figure#mzjelkitdfg > figcaption { font: normal normal 400 14px/20px ‘Droid Sans’,arial,sans-serif;
}

Source: golem.de

Read the original article here.