Security flaw in the "The Sun" website (UK newspaper) this thread contains Lolz

Discussion in 'Black Hat SEO' started by danclarkie, Mar 9, 2011.

  1. danclarkie

    So last week I was doing some backlink building and thought I would try for a profile link from the-sun.co.uk. You can create an account there and get a profile on mysun.co.uk/username.
    Now they do some weird shit to stop you backlinking, like you can use any code in the "about me" fields and stuff but then they replace the < and > so the text comes out. They also replace "href" with ****.
    But once you see the obvious way to get around this piss poor system you get some weird weird results.
    You basically are able to put pretty much any HTML code into the page.
    Load in an image... sure
    Embed a YouTube video.... certainly sir
    Load in an iFrame... No problem!!

    Also if you don't close the tags it stops the rest of the page from loading...:rolleyes:

    I called them up and explained the security flaw to them and how they could probably fix it.

    A week later it's still there...
    Take a look at my profile :D
    hxxp://www.mysun.co.uk/grifferhunter

    Oh dear :p
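
As an added example (not from the thread and not the site's code): encoding the whole "about me" field at output time, rather than substituting selected strings as the post describes, leaves nothing for a filter to miss. `render_about_me` and `audit` are hypothetical names, and the sample inputs are constructed from the cases the post lists (an image, an iframe, unclosed tags).

```python
import html
from html.parser import HTMLParser

# Constructed sample profile texts modelled on the cases named in the post.
SAMPLES = [
    '<img src="https://example.invalid/a.png">',
    '<iframe src="https://example.invalid/"></iframe>',
    "Hi, I'm a reader <div><table><b>never closed",
]


def render_about_me(text: str) -> str:
    """Encode on output: &, <, >, double and single quotes all become entities,
    so the browser displays the user's text and never parses it as markup."""
    return '<div class="about-me">' + html.escape(text, quote=True) + "</div>"


class _Audit(HTMLParser):
    """Records every tag a parser actually sees, plus the visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)

    def handle_data(self, data):
        self.text.append(data)


def audit(fragment: str):
    """Return (tags parsed, text displayed) for a rendered fragment."""
    parser = _Audit()
    parser.feed(fragment)
    parser.close()
    return parser.tags, "".join(parser.text)


if __name__ == "__main__":
    for sample in SAMPLES:
        tags, shown = audit(render_about_me(sample))
        print(tags, "|", shown)
```

For every sample the only tags parsed are the wrapper `div` and its close, so an unclosed tag in the field cannot swallow the rest of the page, and the reader sees exactly the characters that were typed.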
     
  2. blindboy

    Love it...stuck up their own arses!
     
  3. dannyhw

    This sort of thing is everywhere. You can load JavaScript and what's worse is you can use it to steal account information in a lot of cases. I've found these in the most unlikely places. Myspace, Craigslist, some other big video site a few months ago. Fun stuff!
     
  4. Anubis1980

    You are a blackhater and "this thread contains Lolz"

    so true
     
  5. M1ndfluX

    Now sell yourself as some guy from the staff that recruits new editors.

    Let them fill up some nice offers and make bank. NOW