Script Kiddie Tries To Attack SlideSix
Posted By : todd sharp Posted At : January 21, 2009 2:49 AM Posted In: Off Topic, SlideSix
Some script kiddie has spent the last hour and a half trying to "hack" SlideSix in what I can only assume was retaliation for my last post where I discussed differences between SlideShare and SlideSix.
Apparently this person took offense to something I said so they decided to inject some JavaScript alerts into my site by saving them in their profile bio. I overlooked the fact that JS can be fired from within an <a> tag and since I was stripping everything but that tag they found a vulnerability and had fun popping 'SlideSix Sucks' alerts for a few minutes until I locked everything down. The fix took a whole 5 minutes and the next hour and a half was wasted scouring every input to make sure nothing else was missed.
Here are a few screenshots. I'm sure the name they used is fake.

I'm not sure what it was I said that offended them, but whatever. Congratulations, you ruined my night. It's now 3:00am and I need to be up in about 4 hours. I hope you accomplished whatever it was that you set out to do.
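
The flaw described in this post (every tag stripped except `<a>`, whose attributes were left untouched) shown beside an allow-list fix, as an added Python example; it is not SlideSix's code, and the function names, the allowed-scheme list and the sample bio are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed policy; relative links are dropped too

def naive_strip(bio):
    """Weak filter: removes every tag except <a>, but leaves <a>'s attributes untouched."""
    return re.sub(r"<(?!/?a\b)[^>]*>", "", bio, flags=re.I)

class _AnchorOnly(HTMLParser):
    """Rebuilds the bio from parsed events instead of editing the raw markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_links = [], 0

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        # Browsers ignore whitespace and control characters inside the scheme.
        href = re.sub(r"[\x00-\x20]", "", dict(attrs).get("href") or "")
        try:
            scheme = urlsplit(href).scheme.lower()
        except ValueError:
            return
        if scheme not in ALLOWED_SCHEMES:
            return  # javascript:, data:, vbscript:, ... never reach the page
        # Only href is re-emitted, so onclick/onmouseover/style are gone by construction.
        self.out.append('<a href="%s" rel="nofollow noopener">' % escape(href, quote=True))
        self.open_links += 1

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.out.append("</a>")
            self.open_links -= 1

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-encoded

def sanitize_bio(bio):
    parser = _AnchorOnly()
    parser.feed(bio)
    parser.close()
    return "".join(parser.out) + "</a>" * parser.open_links

if __name__ == "__main__":
    sample = '<b>hi</b> <a href="javascript:alert(1)" onclick="x()">me</a>'  # constructed input
    print(naive_strip(sample))   # anchor keeps its script-bearing attributes
    print(sanitize_bio(sample))  # only the text survives
```

Escaping on output is still needed wherever the bio is rendered; the sanitizer only decides which markup is allowed to be stored.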



What you said doesn't matter, but look on the bright side, at least now your site is just a little more secure than it was yesterday.
Double espresso every 3 hours and you won't even notice that you only had about 3 hours sleep.
Coffee #1 is almost done, #2 is coming soon...
And I don't consider that they did a 'hack' at all.