
We have a new entry in our Software Testing Hall of Shame this week, this time courtesy of Justin Dessonville. If you don’t already follow his iamdez blog, check it out; it is a good read.
He reports “It’s a well-known problem with websites that if you trust user-submitted data that you will get burned.”
Sears literally did get burned by their own incompetence when their website started promoting ‘Grills to cook babies and more’.
“The problem wasn’t a huge lack of judgment by the Sears product team, but rather a lack of understanding about displaying variable names and values in the URL. A lot of sites do this by default, but the Sears site took it one step further. If a specific page became popular, the results were cached and displayed to users,” he says.
To get the full story, there is a good explanation in the reddit.com comments.
Representatives from Sears said they were victimized by “someone visiting” the company’s Web site. But it seems that the unusual listing was due to technical flaws in the mechanics of the company’s own website and not a ‘defacement’ at all. As one of the commentators on Reddit puts it - “it was pure incompetence on the part of Sears, and not a malicious hack.”
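A simplified model of the failure described above, added here as an illustration and not taken from Sears's site or from either blog: a page that takes its display label from the URL and caches the rendered result once it is popular, beside a version that uses the URL only to select a server-side record. The parameter names `category_id` and `category_name`, the catalog entry and the popularity threshold are assumptions.

```python
from html import escape

# Constructed sample data; the id, name and threshold are hypothetical.
CATALOG = {"1020": "Grills & Outdoor Cooking"}
POPULAR_AFTER = 3  # a page is cached once it has been rendered this many times


class Site:
    """Renders a category heading and caches it, keyed by category id only."""

    def __init__(self):
        self.hits = {}
        self.cache = {}

    def label(self, params):
        raise NotImplementedError

    def render(self, params):
        key = params.get("category_id", "")
        if key not in CATALOG:
            return "<h1>Not found</h1>"  # unknown ids are never cached
        if key in self.cache:
            return self.cache[key]
        html = "<h1>%s</h1>" % self.label(params)
        self.hits[key] = self.hits.get(key, 0) + 1
        if self.hits[key] >= POPULAR_AFTER:
            self.cache[key] = html  # stored copy is served to every later visitor
        return html


class VulnerableSite(Site):
    def label(self, params):
        # Flaw: the text shown on the page is whatever the URL carried.
        return params.get("category_name", "")


class HardenedSite(Site):
    def label(self, params):
        # The URL only selects the record; the text comes from the catalog,
        # so the id-only cache key covers every input that affects the output.
        return escape(CATALOG[params["category_id"]])


def visitor_sees(site, edited_label):
    """Request an edited URL until the page is cached, then load the normal URL."""
    edited = {"category_id": "1020", "category_name": edited_label}
    for _ in range(POPULAR_AFTER):
        site.render(edited)
    normal = {"category_id": "1020", "category_name": CATALOG["1020"]}
    return site.render(normal)


if __name__ == "__main__":
    print("vulnerable:", visitor_sees(VulnerableSite(), "EDITED LABEL"))
    print("hardened:  ", visitor_sees(HardenedSite(), "EDITED LABEL"))
```

In the vulnerable version the edited label outlives the requests that supplied it because the cache stores output derived from an input that is not part of the cache key.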

