McDonald's forget hash, browns off security experts

  • 16 January 2017

Golden Arches website's security doesn't pass the sensible surfing taste test

16 Jan 2017 at 07:02, Darren Pauli

Dutch software engineer Tijme Gommers has revealed a still-active reflected cross-site scripting vulnerability and borked password controls in McDonald's main website that could be fodder for phishing attacks.
 
The attack, reported on Gommers' blog, is possible thanks to an Angular expression injection vuln present in mcdonalds.com and could be used to steal and ship logins to attackers along with account information should users follow links.
 
The restaurant accounts are basic and appear useful only for McDonald's fans who sign up for the company's newsletters.
 

1 reply

McDonald's needs to address this issue ASAP, as there are many fans who use this newsletter.
