| |
|
This page contains all of the posts and discussion on MemeStreams referencing the following web page: CIA.gov XSS | Threat Level. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.
|
CIA.gov XSS | Threat Level
by Rattle at 8:47 pm EDT, Apr 17, 2008 |
In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hacker create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code. Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist. For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but displays a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.
This story went up at 3:26pm, and it's still working at 8:45pm. This would be great for a prank form... Update: This is still working today. So much for fast response.. Here is the obligatory memestreams @ cia.gov link. |
| |
RE: CIA.gov XSS | Threat Level
by Vile at 10:44 pm EDT, Apr 18, 2008 |
Rattle wrote: In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hacker create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code. Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist. For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but displays a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.
This story went up at 3:26pm, and it's still working at 8:45pm. This would be great for a prank form... Update: This is still working today. So much for fast response.. Here is the obligatory memestreams @ cia.gov link.
You invented memestreams. How dare you give us this post!!! Beneath you!! As sole creator, you owe the best possible use of memes on the site, son. Your memeing, in this instance, is not the caliber of meme that we should expect from the inventor. |
|
| |
RE: CIA.gov XSS | Threat Level
by Vile at 12:38 am EDT, Apr 19, 2008 |
Rattle wrote: In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hacker create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code. Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist. For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but displays a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.
This story went up at 3:26pm, and it's still working at 8:45pm. This would be great for a prank form... Update: This is still working today. So much for fast response.. Here is the obligatory memestreams @ cia.gov link.
I still don't know why you posted this. HOW STUPID OF YOU~~~~ |
|
CIA.gov XSS still working
by Acidus at 5:45 pm EDT, Apr 18, 2008 |
In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hacker create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code. Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist. For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but displays a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.
This story went up at 3:26pm, and it's still working at 8:45pm. This would be great for a prank form... Update: This is still working today. So much for fast response.. Here is the obligatory memestreams @ cia.gov link. SSL no less. |
| |
RE: CIA.gov XSS still working
by Simon C. Ion at 8:50 pm EDT, Jun 5, 2008 |
Acidus wrote: In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hacker create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code. Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist. For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but displays a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.
This story went up at 3:26pm, and it's still working at 8:45pm.
June 5, 19:50: This is *still* working. |
|
There is a redundant post from ubernoir not displayed in this view.
|
|
