digg

Facebook Connect Join Digg About

Simple Digg Hack

ottodestruct.com A simple little demo of a digg exploit I discovered a while back...

Who dugg this? Made popular Nov 19, 2005

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

126 Comments

show profanity settings
expand all
  • Otto, on 10/12/2007, -0/+4View the source to discover how it works. Very easy trick.
  • Otto, on 10/12/2007, -0/+1For those that are interested, I discovered this when I was using the Google Web Accelerator a while back. I noticed that stories started appearing in my profile that I had not dugg. I figured out that GWA was prefetching lots of the links on the front page and thus triggering this type of exploit. I made myself a test page, saw that it worked, and promptly forgot about it.

    The only reason I'm posting it now was boredom, really. Although I agree that I picked the right time for it, I think. Right before the weekend, I kept the article delibrately vague on purpose... I figure that this will shoot up very quickly and thus get some fast attention. And thus a fast fix. :)
  • manfesto, on 10/12/2007, -0/+1Impressive - and better that it be a Digger than a spammer to find this exploit. I tip my hat to you, Otto.
  • Tobey, on 10/12/2007, -0/+1"Bah. If I hadn't posted it, somebody else would have figured it out and exploited it. Hell, given some of the stories I've seen on the front page, I'm not entirely certain that it hasn't been exploited already."

    You know, I have noticed a couple stories in my list that I don't remember digging.

    But who knows, I'm drunk most the time...
  • Vortech89, on 10/12/2007, -0/+0Very nice hack. Let's just hope digg doesn't fix it. :P
  • Echo5ive, on 10/12/2007, -0/+0That's why it is VERY stupid to use HTTP GET for user-submitted things. Another example of the same "exploit" are crappy guestbooks that also use GET, and thus post a blank entry every single time a search engine crawls the page.
  • mfelkins, on 10/12/2007, -0/+0I didn't digg for me.
  • matx, on 10/12/2007, -0/+0Nice hack ;)
  • Chongo, on 10/12/2007, -0/+0The comments in the source make me think your a good person.
  • Otto, on 10/12/2007, -0/+0It doesn't appear to be on the front page anymore.

    Oh well. It was fun while it lasted.
  • TwoncastDotNet, on 10/12/2007, -0/+0I think this is cool and i'm glad its been exposed vs. been used for alterior gain. Now they have to fix it, methinks.

    I would have dug it anyways. Curious to see what they say about it on the show.
  • aaronlidman, on 10/12/2007, -0/+0and its off the front.
  • TCDToxic, on 10/12/2007, -0/+0FIXED! You guys are good!
  • digpunked, on 10/12/2007, -0/+0otto your a dumbass for revealing your find..i woudl have kept to myself and opend up a little business getting peopel exposure to their sites. i think digg on a busy day can send over 5-10k visitors to sites. that is worth a lot of money to some people
  • Otto, on 10/12/2007, -0/+0Yes, they have fixed it. Very fast response, really. Hasn't even been 12 hours. Nice.
  • hardcoredj, on 10/12/2007, -0/+0Also doesn't work if you aren't logged in. Great one though.
  • sidyadav, on 10/12/2007, -0/+0Hm.. so Digg is smart
  • Otto, on 10/12/2007, -0/+0FWIW, I have sent email to the site owners about this problem. So it will be fixed soon, we can only hope.
  • B-o-K, on 10/12/2007, -0/+0Nice one, Otto! :-)
    Now show us the Google Analytics... or tomorrow.
  • kjartan, on 10/12/2007, -0/+0But seriously - it seems the best way to fix problems is to first exploit them like crazy!
  • balazs, on 10/12/2007, -0/+0cool!
  • EarthBoundX5, on 10/12/2007, -0/+0been fixed i think
  • userlame, on 10/12/2007, -0/+0Commenting on my own comment...unless digg's code caches diggs made while not logged in associated with my session...let me try it after getting rid of my session cookie...

    Yup, never mind. It's digg caching that digg until I login, not firefox. Whew, I'm not losing my mind.
  • barbobot, on 10/12/2007, -0/+0"otto your a dumbass for revealing your find..i woudl have kept to myself and opend up a little business getting peopel exposure to their sites. i think digg on a busy day can send over 5-10k visitors to sites. that is worth a lot of money to some people"

    no. you're the dumbass.
  • krustie, on 10/12/2007, -0/+0Your the dumbass barbobot. :)
  • strestout1, on 10/12/2007, -0/+0doesn't work here.
  • sidyadav, on 10/12/2007, -0/+0Now I can just imagine all these people putting that code into their digg submissions.
  • barbobot, on 10/12/2007, -0/+0In firefox

    about:config

    network.prefetch-next

    set the value to false
  • Cheyne, on 10/12/2007, -0/+0haha Nice work - worth the digg it forced.
    I'm impressed
  • inactive, on 10/12/2007, -0/+0I visited the link, undugg it, and dugg it manually... otherwise my digg wouldn't mean anything. :P
  • denatoc, on 10/12/2007, -0/+0dugg. only because i had no choice in the matter; damn my curiosity.
  • blackax, on 10/12/2007, -0/+0rc3 autodiggs for me
  • denatoc, on 10/12/2007, -0/+050 more diggs in the time it took me to get a hot drink. my god. great stuff.
  • inactive, on 10/12/2007, -0/+0thats cool with a k.......kool
  • xcalibre, on 10/12/2007, -0/+0Nice one!
  • inactive, on 10/12/2007, -0/+0i dont get it... dosn't do anything :(
  • _HAM_, on 10/12/2007, -0/+0Cool.

    Its always the cimple things. GJ
  • Diadem, on 10/12/2007, -0/+0err
    the comment is "digg is up 959595"
  • inactive, on 10/12/2007, -0/+0heh, Opera not listen to you :D
  • Otto, on 10/12/2007, -0/+0antic: Hahahah! Nice try.

    But as you show, just checking the referrer isn't good enough. Your link in that comment just above mine will have a digg.com referrer.

    No, the fix they need to make is to not have it auto-digg the story you're blogging until *after* you submit the form on that page.
  • superpenut, on 10/12/2007, -0/+0Cool beans.
  • userlame, on 10/12/2007, -0/+0Very interesting...from a tab with digg in it (tab1) I followed that link in a new tab (tab2) while not logged in...checked my profile and nothing...then log in with tab2 still open and bam, there it is. If tab2 is closed before logging in, that doesn't happen.

    Firefox must generate a new request for the prefetch link in that tab when I log into digg in the first tab. O.o
  • ThinkBox, on 10/12/2007, -0/+0"I love my IE though I gave it a digg anyway."
    lol, simple minded fool
    "My itunes torrent story got to a hundred without that hack :)"
    Wow, except if i view your stats, i see nothing of the kind.

    I like my Safari browser - acid tests are cool.

    Digg anyways.
  • antic, on 10/12/2007, -1/+1woops, meant to add this link:

    http://www.shadowpuppet.net/digg.htm
  • Diadem, on 10/12/2007, -0/+0This has nothing to do with this, but, in the source on an official Digg page, one of the comments is ..
    Wonder what that means..
  • Diadem, on 10/12/2007, -0/+0actually, I found this, but the page it links to is down. It might have been the same thing. http://digg.com/technology/Huge_digg_glitch_found_
  • Diadem, on 10/12/2007, -0/+0Nevermind, looking over it, its different. But it does the same thing, I must have missed this when it was up :P
  • EmileVictor, on 10/12/2007, -0/+0Brilliant, yet amazingly stupid. GG LAR @ ur account.
    http://www.mediahug.com
  • Fetching more discussions...
    Show 51 - 100 of 127 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.