Digg.com Link-Injection Vulnerability

Beni (of mybeni websecurity) has just revealed to me a serious XSS link-injection vulnerability in digg.com. Check out the screenshot below.

[Screenshot: Digg.com XSS Link Injection]

If Beni decides to release the digg XSS, you’ll see it here first! (But check back in a week’s time after we’ve abused it)

So, instead of Digg gaming its own system



6 Comments so far

  1. wesley on July 23rd, 2007

    Pretty stupid abusing XSS (== hacking), they’ll prosecute you once they find out.

  2. Brad on July 23rd, 2007

    Obviously, you have little experience of using XSS exploits! Can you provide a single instance of prosecution for XSS link injection? I thought not! Also, consider the purpose of the post!

  3. wesley on July 25th, 2007

    Ok, the myspace XSS worm has 3 years of probation + community service + can’t use a computer any more.

  4. wesley on July 25th, 2007
  5. Brad on July 25th, 2007

    There’s a significant difference between a worm and link injection! :-)

  6. Andy on August 19th, 2007

    I see a lot of potential in link injection to get pages indexed that link to your site.. search engine queries, directory pages and whatnot.
