Friday, February 2, 2024

Reader Comment – Rockwell Advisory Page Again

Well, my anonymous reader is back with additional comments about the new Rockwell advisory page. He sees the new advisories now but there appears to be a problem with the URL for the website. So I played with it some, and there is definitely something odd here:

Let’s start with the URL that I have been using for the site:

I tried this again this morning, and yep, the three newest advisories are at the top of the page.

But the ‘?sort=pubAsc’ portion of the URL really should not make much difference so I tried it without those characters:

When you enter that URL to a new window the site automatically adds the characters back in. But the three newest advisories are not listed on the page. If you then reload the page, voila, the three newest advisories are there. I have played with a couple of other changes to the post ‘?” portion of the URL and some odd things happen to the URL after it finishes loading, but the three new advisories remain on the page. I suspect that there is something wrong with how the site handles these URL’s, but it will take a better hacker than I (or at least one with more time) to figure out if this ‘problem’ is actually a vulnerability.

No comments:

/* Use this with templates/template-twocol.html */