Reddit Attacked By Javascript Comment Bomb

Discussion in 'BlackHat Lounge' started by TapTapper, Sep 28, 2009.

  1. TapTapper

    TapTapper Junior Member

    Reddit fans beware: a very effective XSS (cross-site scripting) attack is currently live on the site: even hovering over a comment will cause your account to post scores of rogue comments. Turning off JavaScript before visiting may prevent the attack, or you may simply wish to avoid Reddit until the attack is brought under control. The attacker appears to have figured out how to insert JavaScript into Reddit comments: thus, hovering over such a comment is all it takes to spread the exploit. We're not aware of anything being downloaded to your machine at this point: only an XSS attack that posts the troublesome comments in your name.
    At the time of writing, Reddit is offline.
    Update: contrary to the first version of this post, it appears your old comments are not overwritten: the attack only spawns new ones. We'll update as we learn more.
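
The defensive side of the hover-triggered comment script described in the post above, as an added example that is not part of the original post and is not Reddit's code: a comment renderer that escapes everything and re-enables only attribute-free tags, plus a check that flags inline event handlers for logging. The allow-list, the function names and the sample comment (including its `postComment` handler) are constructed assumptions.

```javascript
// Added example (not Reddit's code). Assumption: comments may contain only
// these tags, and none of them may carry attributes.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'code', 'p', 'blockquote'];

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Escape first, then turn back ONLY bare allow-listed tags such as <b> or </b>.
// A tag with any attribute (onmouseover, href, style ...) never matches the
// pattern, so it stays escaped and is displayed as inert text.
function renderComment(untrusted) {
  const bareTag = new RegExp('&lt;(/?)(' + ALLOWED_TAGS.join('|') + ')&gt;', 'gi');
  return escapeHtml(untrusted).replace(
    bareTag, (_m, slash, tag) => '<' + slash + tag.toLowerCase() + '>');
}

// Detection helper: list inline event-handler attribute names found in the
// raw comment, so rejected submissions can be logged and alerted on.
function findEventHandlers(untrusted) {
  const found = [];
  for (const tag of String(untrusted).match(/<[a-z][^>]*>/gi) || []) {
    for (const attr of tag.matchAll(/[\s\/"'](on[a-z]+)\s*=/gi)) {
      found.push(attr[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample comment; postComment is a hypothetical page function.
const SAMPLE =
  'nice post <a href="#" onmouseover="postComment()">link</a> and <b>bold</b>';

console.log(renderComment(SAMPLE));
console.log(findEventHandlers(SAMPLE)); // [ 'onmouseover' ]
```
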