YISTA

Reddit.com XSS Exploit

May 27th, 2007 by Marston

We’re not sure if this is directly related to the Ajax exploit we posted about, but it is interesting to see the point proven that security shouldn’t be forgotten in the name of “Web 2.0”.

Apparently it was as simple as them not validating any input on their posts/comments :-( as reported here. This is similar to the technique used back when MySpace suffered a similar fate (Samy will always be my hero).

It also seems the creators knew about this months ago but decided it wasn’t a priority, bummer.

Here is the actual post on reddit where users figured it out. There haven’t been any malicious hack attempts as of yet, but if they don’t fix it soon you can bet there will be.

Filed under: Hacks, Security, Social Networking

One Response to “Reddit.com XSS Exploit”

  1. Anon
    May 30th, 2007 - 1:09 pm

    It's odd how people always use the word “hacked” even though it was only a vulnerability discovery.

    I.E. This Digg article
    http://digg.com/tech_news/reddit_has_been_hacked
