start > 2006-02-09 > 1
I can't believe it
labels
| Category: | security |
I can't believe it 
It's 3 AM and I'm laughing out loud, I just can't believe it! Once again I find myself amused with the efforts (or lack of them) of hi5.com developing team.Well, I didn't report the last javascript injection, it was an injection within a link and we couldn't change the document object. Just a few minutes ago I remembered to re-check if by any divine act they would have fixed that, and they didn't… But that's not the problem, I just tried my old XSS attack and it worked again, it seems they have reversed the patch. Oh god.. Tomorrow if I remember I'll be reporting again this problem.Until then, my
profile is once again redirecting to my hi5 spoofed login page. If you are interested in having some fun you can always add the following line to any of the fields that support html, like the "about me" field:
<img src="" onError="window.document.images[2].src='http://pabrantes.dyndns.org/gozo.jpg';">
This code will switch the hi5 image logo in your profile main page for another one up side down.
no comments |
post comment
Who am I?
My name is Paulo Abrantes AKA pabrantes and I'm a software developer. I'm currently employed at CIIST working as a Java developer in FenixEDU.This blog is mostly about Java programming, domain driven design and snipsnap bliki developing. Everything written in this blog is my personal opinion and it may not reflect the opinions of my employer and co-workers.
Blog subscription
My name is Paulo Abrantes AKA pabrantes and I'm a software developer. I'm currently employed at CIIST working as a Java developer in FenixEDU.This blog is mostly about Java programming, domain driven design and snipsnap bliki developing. Everything written in this blog is my personal opinion and it may not reflect the opinions of my employer and co-workers.
Blog subscription
Links
Home
Paulo's Profile
Post History
Add to Technorati Favorites
Paulo's Photo Gallery
WishList
Posting without Login
Lon3wolf's Blog
MANOWAR's Blog
Max's Blog
Jff's Blog
João Ferreira's Blog
Moon's Blog
Rui's Movie
Blog
Balhau's Blog
Recent PostsJava Programming: Bytecode Injection
Intermission: Sorry For Downtime
Software Developing: Studying The Bliki Domain Model
SnipSnap Developing: Trying to settle a roadmap
System Administration: Load Balancing with Apache
Blogging: Two years have passed
Software Developing: The SnipSnap Saga
Java Programming: Getting your code spicy with Groovy
Software Developing: Fluent Interfaces
Software Developing: Implementing a ShoutBox on SnipsSnip
Software Developing: SnipSnap, SnipIt and SnipSnip
Java Programming: Proxies and Access Control
Java Programming: Proxies and References
Java Programming: References' Package
YALM: Yet Another Layout Modification
For older posts, please refer to post-history for a complete Post History
… and 3 Guests.
Home Paulo's Profile Post History Add to Technorati Favorites Paulo's Photo Gallery WishList Posting without LoginSearch Blog
Fellow Bloggers
Lon3wolf's Blog MANOWAR's Blog Max's Blog Jff's Blog João Ferreira's Blog Moon's Blog Rui's Movie
Blog Balhau's BlogIntermission: Sorry For Downtime
Software Developing: Studying The Bliki Domain Model
SnipSnap Developing: Trying to settle a roadmap
System Administration: Load Balancing with Apache
Blogging: Two years have passed
Software Developing: The SnipSnap Saga
Java Programming: Getting your code spicy with Groovy
Software Developing: Fluent Interfaces
Software Developing: Implementing a ShoutBox on SnipsSnip
Software Developing: SnipSnap, SnipIt and SnipSnip
Java Programming: Proxies and Access Control
Java Programming: Proxies and References
Java Programming: References' Package
YALM: Yet Another Layout Modification
For older posts, please refer to post-history for a complete Post History
Recently Changed
m4ktub- david_zdd
- inos
Software Developing: SnipSnap, SnipIt and SnipSnip (enricod)- Software Developing: SnipSnap, SnipIt and SnipSnip (pabrantes)
- Software Developing: SnipSnap, SnipIt and SnipSnip (enricod)
- enricod
- beautisgift01@yahoo.com
- Java Programming: Bytecode Injection (pabrantes)
- Java Programming: Bytecode Injection (m4ktub)
Logged in Users: (0)