I just received an email from a clearly smart fellow who demonstrated a Cross-Site Scripting (XSS) exploit using a vulnerability in this blog. A user would need to be tricked into clicking on a specially crafted link which would eventually infect their computer with bad stuff. Our up-to-now nameless white-hat hacker has got $50 in the bag, but for my presentation I need this blog’s file system or database modified. A defacement. I’d wager he gets it done since it looks like this exploit could lead to code injection if crafted correctly. If so he’d get another $100, which is still up for grabs!
I’ll post the exploit tomorrow if our hacker gives permission.