5 year old exposes Xbox One's Live Account vulnerability

Command injection is one of the first things you check before releasing functionality lol. Props to the kid for exposing this.
 
Command injection is one of the first things you check before releasing functionality lol. Props to the kid for exposing this.
Oh definitely, but headlines are making him out to be some insanely talented "hacker" or script kiddie. (Yay, journalism!)

IIRC it wasn't even command injection... just bad input validation. Something about just entering a bunch of spaces on the password recovery screen. Probably a buffer overflow on that input causing a false affirmative on validation.
 
They did not really understand what the kid did, so it sounds better that way xD. You are right, it just is usually lumped in with command injection even though the two are separate. That sounds like a plausible back-end explanation for that.
 
