Cross-Site Scripting Worm Floods MySpace

This is why WordPress.com strips JavaScript from posts. The potential for devilment is limitless without filtering!


3 Comments

Dotan Dimet (1 comments.) on October 27, 2005 at 4:20 pm.

The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing JavaScript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: http://namb.la/popular/tech.html and asking yourself if something like that could get past your own (or WordPress’) filters.

Donncha (1707 comments.) on October 28, 2005 at 1:56 pm.

Thanks Dotan, that made for a scary read!

omfg click here (1 comments.) on November 28, 2005 at 7:47 pm.

holy pj i fucking adore u
