Attacks Over The Air — Phreaking HTML Injection
Too Long; Didn't Read
On July 13th, we discovered an interesting vulnerability. A particular webpage was tracking digital radio chatter and it would display a running log of what its station was hearing. This is a handy tool if you’re into this sort of thing; after all, it’s great to know if your calls are being heard or if there are ongoing conversations that you might want to join. This tool captured whatever it was hearing and inserted it into the webpage. Send a message and a few seconds later it would show up there. If the message included HTML, well that would end up on the webpage too. Classic HTML Injection.