*Note: Email address will appear as "user domain ext" to prevent harvesting.
A common bug in comment preview that leads to an XSS attack
Mar 15 2007 10:29AM
Daniel Martin (martin snowplow org)
Recently, I have noticed that many blogs or other fora that allow
user-posted comments suffer from a common bug with regard to comment
preview, such that the comment previewing feature can be exploited
with an XSS type 1 attack.
To test if your favorite blog is vulnerable in this fashion, enter
Copyright 2010, SecurityFocus