Discovering a Cross Site Scripting Attack

As any good free-lance web developer does, I was browsing my competition’s portfolio earlier this evening.  I was curious as to how the layout was done on one of their client’s web pages, so I opened the source.  Near the bottom, there were probably 100 links injected into the page.  It turns out that they were the victim of a cross-site scripting attack.

I immediately notified the owner, but I’m still pretty excited that I made a discovery like this.  You hear about cross-site scripting attacks all the time, but I’ve never actually discovered one.

For those interested, the site in question is:

Author: Jack Slingerland

I'm a software engineer working and living in Raleigh, NC. I work in Python, Django, Node.js, React+Flux, AngularJS, and PHP. I like to work out with Kettlebells, run, and spend my free time with my wife, cat, and dog.