Script Kiddie Tries To Attack SlideSix
Posted By : todd sharp Posted At : January 21, 2009 2:49 AM Posted In: Off Topic, SlideSix
5
Some script kiddie has spent the last hour and a half trying to "hack" SlideSix in what I can only assume was retaliation for my last post where I discussed differences between SlideShare and SlideSix.
Apparently this person took offense to something I said so they decided to inject some JavaScript alerts into my site by saving them in their profile bio. I overlooked the fact that JS can be fired from within an <a> tag and since I was stripping everything but that tag they found a vulnerability and had fun popping 'SlideSix Sucks' alerts for a few minutes until I locked everything down. The fix took a whole 5 minutes and the next hour and a half was wasted scouring every input to make sure nothing else was missed.
Here are a few screenshots. I'm sure the name they used is fake.

I'm not sure what it was I said that offended them, but whatever. Congratulations, you ruined my night. It's now 3:00am and I need to be up in about 4 hours. I hope you accomplished whatever it was that you set out to do.



