Discovering a Cross Site Scripting Attack

As any good free-lance web developer does, I was browsing my competition’s portfolio earlier this evening.  I was curious as to how the layout was done on one of their client’s web pages, so I opened the source.  Near the bottom, there were probably 100 links injected into the page.  It turns out that they were the victim of a cross-site scripting attack.

I immediately notified the owner, but I’m still pretty excited that I made a discovery like this.  You hear about cross-site scripting attacks all the time, but I’ve never actually discovered one.

For those interested, the site in question is:  http://www.skydivecms.com/

Author: Jack Slingerland

Founder of Kernl.us. Working and living in Raleigh, NC. I manage a team of software engineers and wrk in Python, Django, TypeScript, Node.js, React+Redux, Angular, and PHP. I enjoy hanging out with my wife and son, lifting weights, and advancing Kernl.us in my free time.