Sumit Kalra's Favorite Bug

Our application (web based) is built in .Net and Infragistics. It has 6 modules. One module is similar to product management, in this we need to enter product title, product details, etc. Newly created product names appear on the homepage. So while testing, in the "Product Title" field I entered this text: <script>alert ("test")</script> and then I saved the Products page. After saving an alert popup with text "test" appeared. And when I went to the homepage, the product name was not appearing but a popup with text "test" appeared. Whenever any user goes to the homepage, an alert popup appears. Then I insert a for loop in the product title and now the popup appeared 5 times. It was quite irritating =)

This is my favorite bug. Actually it is a security loophole (cross side scripting). Here one can call malicious scripts also.

-- Sumit Kalra

 

Do you have a bug whose story you love to tell? Let me know!