How I hacked Digg

Two weeks ago I filed a bug report on, explaining several XSS vulnerabilities and bugs I found. Some of these were (and some still are!) very critical. A day later, I got an automated response to my report:

We’ve contacted our development team who are investigating the issue, and will fix it as soon as possible.

All well and good, I thought, but when all the vulnerabilities were still there a few days ago, I decided to exploit one of them.

