Event Cinemas/Birch Mobile Site (with XSS holes)

I went to www.birch.com.au the other day to look up some timetables and they’ve replaced it with a new loud glary site that I couldn’t get working instantly. I turned off Javascript and found they have a mobile site as well, which is at http://m.greaterunion.com.au – it offers a really simple interface to quickly get timetables for their cinemas all across Australia.

Except, as jadz0r points out, it appears to be subject to XSS vulnerabilities, so use at your own risk.

Leave a Reply

Your email address will not be published. Required fields are marked *