Splat is a critical vulnerability on 404 pages where an attacker can inject plain text which is then reflected into the page. This attack vector is more commonly known as "content injection on 404 pages". Please note, we are still reaching out to vendors and will update this website when we have more information on how many people have been affected by this vulnerability.
Our research concluded that roughly 50% of all tested websites are affected by this vulnerability. We tested google.com and reddit.com, and then got distracted.
We highly recommend changing your 404 pages to 405 -- that would prevent content injection on 404 pages.
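A 404 handler that echoes the requested path, beside one that returns a fixed body, with an in-process check for the reflection described above. This is an added example, not code from the original page; the handler names, the helper functions and the marker string are hypothetical.

```python
import html
from wsgiref.util import setup_testing_defaults


def reflecting_404(environ, start_response):
    # Affected pattern: the requested path is echoed into the error page.
    # html.escape() stops markup, but the attacker's plain text still shows.
    path = html.escape(environ["PATH_INFO"])
    body = "<p>The page %s was not found.</p>" % path
    start_response("404 Not Found", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]


def fixed_404(environ, start_response):
    # Hardened pattern: constant body, nothing taken from the request.
    start_response("404 Not Found", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<p>Not found.</p>"]


def call_app(app, path):
    """Invoke a WSGI app in-process (no network); return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


def reflects_path(app, marker="splat-check-7f3a"):
    """True if the 404 body contains a marker taken from the request path."""
    status, body = call_app(app, "/" + marker)  # marker is a constructed value
    return status.startswith("404") and marker in body


if __name__ == "__main__":
    for app in (reflecting_404, fixed_404):
        print(app.__name__, "reflects path:", reflects_path(app))
```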
Good question.
Depends on how gullible you are.
Attacks usually go undetected until it is too late.
Nobody wants to take credit for finding this bug for some unknown reason.