Categories: Security, Web

Sears: Life. Well Cooked.

TMZ reported yesterday about a grill featured on Sears’ website under “Human Cooking > Grills to Cook Babies and More > Body Part Roaster”, and they produced the following image as proof:

According to reddit user gfixler, who claims responsibility for the prank, he’s been able to make these sorts of modifications to the breadcrumb trail on sears.com “all year.”

Here’s another example:

As explained by reddit user immerc, this was done by simply changing the category parameters in the URL of the page being viewed and then reloading it. Sears was taking the breadcrumb text directly from the URL and rendering it into the page without any validation. On its own that is a reflected injection: only the person who crafted the URL would see the result. Furthermore, the site cached the rendered page by item, so the user-supplied breadcrumb was served to every other visitor of that product page for some nontrivial period of time, which is what turned a private prank into something TMZ could screenshot.
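To make the mechanism concrete, here is an added example (not Sears’ code, and not from the reddit thread) that simulates the two ingredients described above: a product page that builds its breadcrumb from a query parameter, and a page cache keyed on the item id alone. The hardened version beside it takes the breadcrumb from the catalog record instead and HTML-escapes everything it echoes. The catalog entry, the item number, the `cat` parameter name and the URLs are all constructed for the demonstration.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed stand-in for the product catalog: item id -> (name, breadcrumb trail).
CATALOG = {
    "07120108000": (
        "Kenmore 4-burner gas grill",
        ["Outdoor Living", "Grills & Outdoor Cooking", "Gas Grills"],
    ),
}


def render_breadcrumb(trail):
    """Escape each segment so a trail can never inject markup into the page."""
    return " > ".join(html.escape(seg, quote=True) for seg in trail)


class VulnerableSite:
    """Breadcrumb comes from the URL (the 'cat' parameter, '|'-separated),
    and the rendered page is cached by item id only, so whoever renders the
    page first decides what every later visitor sees."""

    def __init__(self):
        self.cache = {}

    def get(self, url):
        q = parse_qs(urlsplit(url).query)
        item = q.get("item", [""])[0]
        if item in self.cache:
            return self.cache[item]                      # cache hit: URL params ignored
        name, default_trail = CATALOG.get(item, ("Unknown item", ["Home"]))
        trail = q["cat"][0].split("|") if "cat" in q else default_trail
        page = f"<nav>{' > '.join(trail)}</nav><h1>{name}</h1>"  # no validation, no escaping
        self.cache[item] = page
        return page


class HardenedSite:
    """Breadcrumb is derived from the catalog record for the item; the URL
    cannot influence it, so caching by item id is safe. Output is escaped."""

    def __init__(self):
        self.cache = {}

    def get(self, url):
        q = parse_qs(urlsplit(url).query)
        item = q.get("item", [""])[0]
        if item not in CATALOG:
            return "<h1>Item not found</h1>"
        if item in self.cache:
            return self.cache[item]
        name, trail = CATALOG[item]
        page = f"<nav>{render_breadcrumb(trail)}</nav><h1>{html.escape(name)}</h1>"
        self.cache[item] = page
        return page


# Constructed URLs: the prankster's crafted link and an ordinary visitor's link.
PRANK_TRAIL = "Human Cooking|Grills to Cook Babies and More|Body Part Roaster"
ATTACKER_URL = "https://example.invalid/product?item=07120108000&cat=" + quote(PRANK_TRAIL, safe="")
VICTIM_URL = "https://example.invalid/product?item=07120108000"


def victim_view(site_cls, attacker_url=ATTACKER_URL, victim_url=VICTIM_URL):
    """Attacker loads their crafted URL first, then an unrelated visitor loads
    the plain product URL. Returns what the visitor sees."""
    site = site_cls()
    site.get(attacker_url)
    return site.get(victim_url)


if __name__ == "__main__":
    print("vulnerable:", victim_view(VulnerableSite))
    print("hardened:  ", victim_view(HardenedSite))
```

Run it and the vulnerable site shows the visitor “Human Cooking > Grills to Cook Babies and More > Body Part Roaster” even though the visitor never touched the `cat` parameter; the hardened site shows the catalog trail. Note that output escaping alone would not have stopped this prank, since the injected text was plain text, not markup: the fix that matters is that nothing under the user’s control may reach a page that is cached under a key the user does not control.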

Sears has since fixed the flaw, and hopefully learned its lesson about sanitizing anything that might come from a user. The broader lesson is that navigation text like a breadcrumb should be looked up from the product record on the server, not echoed from the URL, and that a page cache must never store output influenced by a parameter that is not part of the cache key.

Thanks to Alex B. for the tip.

Geeks are Sexy
