Security vulnerabilities found in Reddit and Pligg
Pligg, the open source CMS that lets you easily create an RSVC (Digg-like) site, has a serious security vulnerability in all its versions that enables malicious attackers to take control of the website. All Pligg admins are advised to apply the patch immediately.
In an unrelated incident, Reddit users discovered that Reddit doesn’t sanitize the markup in its comments very well, which could be used to mount an XSS attack. The vulnerability has already been fixed, and pasting the code into a Reddit comment will now result in the display of the following text: “I am a terrible person”. So, if you don’t want to be ridiculed by Redditors, don’t try it. More information about the hack can be gathered from this Digg thread.
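The Reddit bug described above comes down to user-supplied comment text reaching the page as live markup. The control that prevents it is context-correct output encoding. The following is an added illustration, not Reddit's or Pligg's code; the function names, the template and the sample comment are all constructed for this example.

```javascript
// Added example (not code from Reddit or Pligg): HTML-escape untrusted
// comment text before inserting it into an HTML text context, so that
// any markup the commenter typed is displayed as text rather than parsed
// and executed by the browser.

// Escape the five characters that carry meaning in HTML text and
// attribute contexts. '&' is in the map too, so an already-escaped
// entity in the input is shown literally instead of being re-interpreted.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The flawed pattern: the comment body is concatenated straight into the
// page, so tags inside it become part of the DOM. Kept only to contrast
// with renderComment below; never use this form.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// The fixed pattern: only the trusted template is emitted as markup; every
// untrusted value is passed through escapeHtml first.
function renderComment(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed sample comment containing a script element (hypothetical
// input, not a real post from the site).
const SAMPLE_AUTHOR = 'alice';
const SAMPLE_BODY = 'hello <script>/* untrusted */</script>';

// Helper: does the rendered fragment still contain a raw script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe :', renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY));
console.log('escaped:', renderComment(SAMPLE_AUTHOR, SAMPLE_BODY));
console.log('script survives unsafe render? ',
  containsScriptTag(renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY)));
console.log('script survives escaped render?',
  containsScriptTag(renderComment(SAMPLE_AUTHOR, SAMPLE_BODY)));
```

Escaping is context-specific: the map above is correct for HTML element text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS rule needs that context's own encoding. The real fix on Reddit went further, replacing the offending comment text outright, which is why the page now shows "I am a terrible person" instead of the pasted code.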
May 27th, 2007 at 7:30 am
I’ve just finished a post on why XSS vulnerabilities need to be taken seriously (by posting some examples of how a malicious user could use XSS to steal login details etc.). You can read it over on my blog: http://foobr.co.uk/2007/05/javascript_is_for_hackers/
May 27th, 2007 at 8:32 am
@Aaron: thanks, the examples are great.
May 28th, 2007 at 12:25 am
Cheers, I just thought the best way to show people why XSS is an issue to be taken seriously is to give them some examples of how it can be malicious.
A lot of people on Reddit thought it wasn’t a big deal, as the only thing people were doing was removing the logo etc.
But some people have yet to grasp just how powerful JavaScript can be and just how much damage could be caused by allowing users to inject it into your pages.
May 28th, 2007 at 12:35 am
@Aaron: incidentally, both big Croatian blog services are currently under attack by a hacker (he’s posting unauthorized posts on blogs), and while my guess is that it might be an XSS problem, the official word is to ‘change your passwords to something stronger’. I hope they’ll find someone who actually knows what he/she’s talking about to fix this for them.
December 30th, 2009 at 1:40 am
Hello, my name is Sabrina and I was searching the internet when I came across your blog, which I liked a lot and which is quite pleasant to read. I’ll come back next week to read you again. Regards, Sabrina
December 30th, 2009 at 9:13 am
This is an excellent site, I will definitely be adding this blog to my bookmarks.
December 30th, 2009 at 9:13 am
Thank you so much for the awesome post, This was exactly what I needed to read
January 20th, 2010 at 8:59 pm
Good recap from you, I’d have got myself lost in here if I hadn’t found your blog, thanks for your info.
February 15th, 2010 at 7:28 pm
Just thought I would let you know that Google led me here, and I sure am glad I found this site. I will be coming back in a few days to see if there are updated posts.
February 16th, 2010 at 2:30 am
hey this blog is great. I’m glad I came by this blog. Maybe I can contribute in the near future. PM ME on Yahoo AmandaLovesYou702 Thank you day758
March 9th, 2010 at 7:49 pm
I purchased a cctv system from sams club. What a mistake. Bad quality products. I guess you get what you pay for. I found cctvboss via google and whilst they were not the cheapest to buy from, they sure knew their products and the service was great.
March 10th, 2010 at 9:32 am
Here you can get all the insurances you need Free Insurance guide.