I just received an email from a clearly smart fellow who demonstrated a Cross-Site Scripting (XSS) exploit using a vulnerability in this blog. A user would need to be tricked into clicking on a specially crafted link which would eventually infect their computer with bad stuff. Our up-to-now nameless white-hat hacker has got $50 in the bag, but for my presentation I need this blog’s file system or database modified. A defacement. I’d wager he gets it done since it looks like this exploit could lead to code injection if crafted correctly. If so, he’d get another $100, which is still up for grabs!

I’ll post the exploit tomorrow if our hacker gives permission.

Good stuff.
