Reddit Attacked By XSS Exploit



Sept. 28, 2009

Reddit attacked by XSS exploit

The Reddit social news aggregator was reportedly the subject of a cross-site scripting attack where just hovering over a comment message could cause a logged-in user to post rogue comments. The XSS attack appears to exploit a vulnerability which allows JavaScript code to be inserted into Reddit comments. According to a thread on Reddit, a user named Empirical created some JavaScript code which, if copied and pasted into the address bar, would reply to all the comments on a Reddit page, while another user named "xssfinder" created a proof of concept which could run JavaScript code by hovering over a comment. Xssfinder then decided to combine the two pieces of code and tested it in a sub-Reddit called "proofofhax". From there, the XSS exploit spread over Reddit.

Read more at Heise security - http://www.h-online.com/security/Reddit-At...t--/news/114337
