Discovering a Cross Site Scripting Attack

Posted on by

As any good free-lance web developer does, I was browsing my competition’s portfolio earlier this evening.  I was curious as to how the layout was done on one of their client’s web pages, so I opened the source.  Near the bottom, there were probably 100 links injected into the page.  It turns out that they were the victim of a cross-site scripting attack.

I immediately notified the owner, but I’m still pretty excited that I made a discovery like this.  You hear about cross-site scripting attacks all the time, but I’ve never actually discovered one.

For those interested, the site in question is:  http://www.skydivecms.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">