Last updated on March 9, 2021
A British company had to change its name because the name could inject code into websites.
The company founder told the British newspaper The Guardian that he did not choose the company name to attack the Companies House website, but rather thought it was “a funny, playful name” for his consulting firm. However, that is hard to imagine given the original company name:
"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD
The company name is nothing but HTML code. If it is not properly validated and is output in an HTML element in a web page, a script from the URL in the company name is executed in the context of that web page. The Guardian writes that the stored script only issued a harmless warning. However, it could have been used for attacks at a later time.
Now the company has been renamed to “That Company whose Name used to contain HTML Script Tags LTD”. It is not the first time that a company name has contained code: the company name “; DROP TABLE "COMPANIES";-- LTD” is meant to delete contents of the database using an SQL command. However, according to the Guardian, the companies were not forced to change their names. According to the Guardian, the website of the authority, Companies House, simply displays “Name of company available on request” instead of the name.
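The two names above, handled as plain data, in an added example that is not code from Companies House or from the original article. The table layout, the function names and the choice of a quoted attribute as the output context are assumptions made for illustration.

```python
import html
import sqlite3

# The two company names quoted in the article, used here as test input.
XSS_NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD'
SQL_NAME = '; DROP TABLE "COMPANIES";-- LTD'


def open_register():
    """Create an in-memory company register (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "COMPANIES" (id INTEGER PRIMARY KEY, name TEXT)')
    return db


def add_company(db, name):
    """Bind the name as a parameter: it is stored as data, never parsed as SQL."""
    cur = db.execute('INSERT INTO "COMPANIES" (name) VALUES (?)', (name,))
    return cur.lastrowid


def render_unsafe(name):
    """Weak form: the name is concatenated into the attribute value as-is."""
    return '<input type="text" name="company" value="' + name + '">'


def render_safe(name):
    """Hardened form: html.escape(quote=True) encodes & < > and both quotes."""
    return '<input type="text" name="company" value="' + html.escape(name, quote=True) + '">'


def demo():
    db = open_register()
    for n in (XSS_NAME, SQL_NAME):
        add_company(db, n)
    stored = [row[0] for row in db.execute('SELECT name FROM "COMPANIES" ORDER BY id')]
    return stored, render_unsafe(stored[0]), render_safe(stored[0])


if __name__ == "__main__":
    stored, unsafe, safe = demo()
    print(stored)
    print(unsafe)
    print(safe)
```

In the weak form the leading `">` of the name closes the attribute and the tag, so the rest is parsed as markup. In the hardened form the browser shows the name as text.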