Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reddit Javascript Exploit Spreading Virally

Posted by CmdrTaco on Monday September 28, 2009 @01:39AM from the hate-when-that-happens dept.

Nithendil writes "guyhersh from reddit.com describes the situation (warning: title NSFW): Based on what I've seen today, here's what went down. Reddit user Empirical wrote javascript code where if you copied and pasted it into the address bar, you would instantly spam that comment by replying to all the comments on the page and submitting it. Later xssfinder posted a proof of concept where if you hovered over a link, it would automatically run a Javascript. He then got the brilliant idea to combine the two scripts together, tested it and it spread from there."

3 of 239 comments (clear)

Min score:

Reason:

Sort:

Liar liar by Anonymous Coward · 2009-09-28 01:43 · Score: -1, Troll

pants on Fire... fox.
Well, that site has a terrible design by BadAnalogyGuy · 2009-09-28 01:45 · Score: -1, Troll

I won't hold Slashdot up as some paragon of website design, but that reddit site really leaves a lot to be desired.
Is this really a concern? Can a site with such a terrible look and feel really have so many users? WTF is reddit anyway?
1. Re:Well, that site has a terrible design by mandark1967 · 2009-09-28 01:53 · Score: 1, Troll
  
  So it's like the Slashdot firehose, except people read it?
  wow...
  
  --
  Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain