img82.imageshack.us — Shortly after registering a user name on Netscape I went to visit the Digg tagged items on the site and this rather wierd pop up came up. Jul 26, 2006 View in Crawl 4
npdcrazypyroJul 26, 2006
Since it will probably be fixed soon, here's a video of it in action. (sorry for the Youtube blurriness :P)<a class="user" href="http://www.youtube.com/watch?v=HGbAQZv1mcw">http://www.youtube.com/watch?v=HGbAQZv1mcw</a>
jetsetsteveJul 26, 2006
DUPE: <a class="user" href="http://digg.com/tech_news/NETSCAPE_HACKED">http://digg.com/tech_news/NETSCAPE_HACKED</a>
vdxcJul 26, 2006
hilarious, but they've removed it now.
joeboneJul 26, 2006
no they haven't :p (<a class="user" href="http://www.netscape.com/tag/digg/)">http://www.netscape.com/tag/digg/)</a> - the offending code causing it is below :) in the linkOut's href he just used HTML encoded javascript - like a HTML SQL Injection attack :p quite entertaining heh Cute Bunnies
hey - sorry, man - your article was actually up before the one i linked from the dupe above. my bad!
argashJul 26, 2006
Doing a search for "Digg" also works. Dont just have to click the tag.Firefox 1.5 here btw for those keeping track
consumptionJul 26, 2006
why does"<a class="user" href="http://search.netscape.com/ns/search?query=alert(">http://search.netscape.com/ns/search?query=alert(</a>"MajorSecurity")"work on the site but not something like:"<a class="user" href="http://search.netscape.com/ns/search?query=alert(">http://search.netscape.com/ns/search?query=alert(</a>"Test")"
robertgoodwinJul 27, 2006
Hmmm... I'm not getting the popup using Firefox 1.5.0.1 on XP. I wonder what's up with that?
No more comments on this story. Add your own!
npdcrazypyroJul 26, 2006
Since it will probably be fixed soon, here's a video of it in action. (sorry for the Youtube blurriness :P)<a class="user" href="http://www.youtube.com/watch?v=HGbAQZv1mcw">http://www.youtube.com/watch?v=HGbAQZv1mcw</a>
jetsetsteveJul 26, 2006
DUPE: <a class="user" href="http://digg.com/tech_news/NETSCAPE_HACKED">http://digg.com/tech_news/NETSCAPE_HACKED</a>
vdxcJul 26, 2006
hilarious, but they've removed it now.
joeboneJul 26, 2006
no they haven't :p (<a class="user" href="http://www.netscape.com/tag/digg/)">http://www.netscape.com/tag/digg/)</a> - the offending code causing it is below :) in the linkOut's href he just used HTML encoded javascript - like a HTML SQL Injection attack :p quite entertaining heh Cute Bunnies
jetsetsteveJul 26, 2006
hey - sorry, man - your article was actually up before the one i linked from the dupe above. my bad!
argashJul 26, 2006
Doing a search for "Digg" also works. Dont just have to click the tag.Firefox 1.5 here btw for those keeping track
consumptionJul 26, 2006
why does"<a class="user" href="http://search.netscape.com/ns/search?query=alert(">http://search.netscape.com/ns/search?query=alert(</a>"MajorSecurity")"work on the site but not something like:"<a class="user" href="http://search.netscape.com/ns/search?query=alert(">http://search.netscape.com/ns/search?query=alert(</a>"Test")"
robertgoodwinJul 27, 2006
Hmmm... I'm not getting the popup using Firefox 1.5.0.1 on XP. I wonder what's up with that?