Thursday, January 05, 2012

(hot) Dark Reading Vulnerable with XSS? WTF

 I just wanna read this "AntiSec Hacks Signal Same Old, Same Old in Database security" posting at Dark Reading, but after a while i found out that it seems that the page get redirected to, with some defaced page created by attacker.

After looking to the code; Well, i guess, we will fully understand what is the problem with Dark Reading website. Yes, its their comment feature, oh well It sucks. Still happen now, if you visit that page.

Nice for the finder/attacker, shame on you Dark Reading. Hmm.. What happen if its redirect to malware sites (combine with browser or client-side exploit) or a-look-a-like (pishing) finance/bank sites.

Oh well. LULZ

Update: seems they delete/disable the comment, so its patched fixed :D

No comments:

Post a Comment