5diggers.blogspot.com — The input from http://www.digg.com/search?search= is not properly validated. This problem can be very dangerous because it's possible to create a script that will steal user cookies, change account password, change email for password verification, digg stories, ...
Jun 28, 2006
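The defect the story describes is a search term reflected into the results page without encoding. The following is an added example, not digg's code and not part of the original post: a minimal results renderer in its unsafe and entity-encoded forms, plus a check over constructed access-log lines that flags requests whose search parameter carries raw markup. The URLs, log lines and function names are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample request URLs (not from the page); the search term is reflected into the HTML.
SAMPLE_URLS = [
    "http://www.digg.com/search?search=linux",
    "http://www.digg.com/search?search=%3Cb%3Ebold%3C%2Fb%3E",
]

# Constructed access-log lines in common log format (hypothetical, not real traffic).
LOG_LINES = [
    '10.0.0.1 - - [28/Jun/2006:10:00:00 +0000] "GET /search?search=linux HTTP/1.1" 200 512',
    '10.0.0.2 - - [28/Jun/2006:10:00:05 +0000] "GET /search?search=%3Cb%3Ebold%3C%2Fb%3E HTTP/1.1" 200 600',
    '10.0.0.3 - - [28/Jun/2006:10:00:09 +0000] "GET /search?search=digg+stories HTTP/1.1" 200 540',
]

_REQUEST_PATH = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def search_term(url: str) -> str:
    """Extract the decoded 'search' query parameter from a URL or path (empty string if absent)."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("search", [""])[0]


def render_unsafe(term: str) -> str:
    """Reflects the term into the page verbatim: the validation gap the story describes."""
    return f"<h2>Results for: {term}</h2>"


def render_safe(term: str) -> str:
    """Reflects the term after HTML entity encoding, so any markup in the input stays inert text."""
    return f"<h2>Results for: {html.escape(term, quote=True)}</h2>"


def reflects_raw_markup(rendered: str, term: str) -> bool:
    """True if a term containing '<' survives unencoded into the rendered page."""
    return "<" in term and term in rendered


def flag_suspicious_searches(log_lines):
    """Return the log lines whose decoded search parameter contains angle brackets.

    This is a coarse detection heuristic for reflected-markup attempts against the
    search endpoint; it is meant for triage, not as a substitute for output encoding.
    """
    flagged = []
    for line in log_lines:
        m = _REQUEST_PATH.search(line)
        if not m:
            continue
        term = search_term(m.group(1))
        if "<" in term or ">" in term:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        term = search_term(url)
        print("unsafe:", render_unsafe(term))
        print("safe:  ", render_safe(term))
    print("flagged log lines:", len(flag_suspicious_searches(LOG_LINES)))
```

The fix is on the output side: `render_safe` encodes the term at the point it is written into HTML, which is what the search page was missing; the log check only tells you how often such input arrived.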
braxo, Jun 28, 2006
Still pretty cool how they dugg the story for me just by reading theirs.
itsallgeektome, Jun 28, 2006
Glad that you found this, but wouldn't it be better to report it to the admins instead of advertising it to the world?
weirdbro, Jun 28, 2006
You realize, if this gets to the front page, it could become the most dugg item ever. I mean, if every single member who reads it diggs it....
braxo, Jun 28, 2006
Agree, unfortunately people have also dugg it down.
scott2, Jun 30, 2006
I love how people always come out and scream "HEY!!!! HERE'S A SECURITY VULNERABILITY!!!" instead of simply reporting it to the appropriate group. It's like sending an engraved invitation to the script kiddies.
jmazzarelli, Jun 30, 2006
For example, look at my profile (http://digg.com/users/jmazzarelli/profile) and check out my chat screen name. I had created XSS with that, but once I had my fun, changed it to something innocent.