Digg.com Link-Injection Vulnerability

Beni (of mybeni websecurity) has just revealed to me a serious XSS link-injection vulnerability with digg.com. Check out the screenshot below.

[Screenshot: Digg.com XSS Link Injection]

If Beni decides to release the digg XSS, you’ll see it here first! (But check back in a week’s time after we’ve abused it.)

So, instead of Digg gaming its own system

wesley says:
Jul 23, 2007 - 06:07:59

Pretty stupid abusing XSS (== hacking), they’ll prosecute you once they find out.

Brad says:
Jul 23, 2007 - 07:07:33

Obviously, you have little experience of using XSS exploits! Can you provide a single instance of prosecution for XSS link injection? I thought not! Also, consider the purpose of the post!

wesley says:
Jul 25, 2007 - 12:07:06

Ok, the myspace XSS worm has 3 years of probation + community service + can’t use a computer any more.

wesley says:
Jul 25, 2007 - 12:07:46

Brad says:
Jul 25, 2007 - 12:07:28

There’s a significant difference between a worm and link injection! :-)

Andy says:
Aug 19, 2007 - 08:08:08

I see a lot of potential in link injection to get pages indexed that link to your site.. search engine queries, directory pages and whatnot.
