XSS Attack On Nairaland - Webmasters - Nairaland
Nairaland Forum / Science/Technology / Webmasters / XSS Attack On Nairaland (922 Views)
What Is The Right Way To Escape User Input And Output Data Against Xss And Sql I / Please Is This Script Free From Sql Injection And Xss Attacks / How To Check If Your Wordpress Site Is Vulnerable To XSS Attack (2) (3) (4)
| XSS Attack On Nairaland by Superstar007(m): 4:50pm On Apr 14, 2015 |
The second page of the post " Ngozi Okonjo - Iweala Captured With APC Leaders At The Airport" keeps redirecting to a link that requires one to input their username and password. The link to the page is https://www.nairaland.com/2255864/ngozi-okonjo-iweala-captured-apc/1 Attached below is a screen shot of this attack. Seun, please take note.
|
| Re: XSS Attack On Nairaland by Enegod(m): 5:13pm On Apr 14, 2015 |
this is serious! |
| Re: XSS Attack On Nairaland by 100ksalescom(m): 5:35pm On Apr 14, 2015 |
Seun oooo. Una don vex the guy.  See what he said in the pic i attached and underlined in red. Naija ppl get mouth sha... [size=15pt]But on a serious note i think if Seun adds some request filtering to his web config it would solve the issue. That way you sanitize whats going into the system 1st. Other webmasters please feel free to contribute. Abi Na only Wordpress and Blogger una sabi install   [/size]
|
| Re: XSS Attack On Nairaland by Grime: 7:25pm On Apr 14, 2015 |
It's a small thing. All the culprit is doing is just including malicious javascript code in his posts, and of course there is no way you would notice without looking through the source code of post pages since the script won't be visible in his posts. What the admin has been doing is deleting the offending post, banning the poster, and then censoring the offending url (usually from free hosts). But I wonder if this is sustainable since the culprit can always create a new account, make new posts, and find another free host. So, in summary, there is no intrusion to the server whatsoever, it's all happening at the front end. This type of XSS attack is like the "I am being a nuisance" type. The culprit will get tired sooner or later. ...But while we wait for the attacker to get tired, we must consider that this website has big advertisers. If they lose their account to some kid in Yaba, trust for NL will take a hit. There is only one way to solve this problem once and for all, and I am surprised it hasn't been implemented yet. 1 Like |
| Re: XSS Attack On Nairaland by nnamdiosu(m): 8:39am On Apr 15, 2015 |
Grime: wonderful . bro u seem a pro in ethical hacking. can u pls mentor me? |
(1) (Reply)
Urgent Need Of A Web Developer / Pls Help Me. Facebook Deleted My 45,000 Facebook Group / '
(Go Up)
| Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 13 |