Welcome, Guest: Join Nairaland / LOGIN! / Trending / Recent / New
Stats: 2,798,624 members, 6,687,415 topics. Date: Saturday, 22 January 2022 at 06:19 PM

XSS Attack On Nairaland - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / XSS Attack On Nairaland (790 Views)

What Is The Right Way To Escape User Input And Output Data Against Xss And Sql I / Please Is This Script Free From Sql Injection And Xss Attacks / How To Check If Your Wordpress Site Is Vulnerable To XSS Attack (2) (3) (4)

(1) (Reply) (Go Down)

XSS Attack On Nairaland by Superstar007(m): 4:50pm On Apr 14, 2015
The second page of the post
" Ngozi Okonjo - Iweala Captured With
APC Leaders At The Airport" keeps redirecting to a link that requires one to input their username and password. The link to the page is

https://www.nairaland.com/2255864/ngozi-okonjo-iweala-captured-apc/1

Attached below is a screen shot of this attack.
Seun, please take note.

Re: XSS Attack On Nairaland by Enegod(m): 5:13pm On Apr 14, 2015
this is serious!
Re: XSS Attack On Nairaland by 100ksalescom(m): 5:35pm On Apr 14, 2015
Seun oooo.

Una don vex the guy. grin
See what he said in the pic i attached and underlined in red.
Naija ppl get mouth sha...

[size=15pt]But on a serious note i think if Seun adds some request filtering to his web config it would solve the issue.
That way you sanitize whats going into the system 1st.

Other webmasters please feel free to contribute.
Abi Na only Wordpress and Blogger una sabi install undecided [/size]

Re: XSS Attack On Nairaland by Grime: 7:25pm On Apr 14, 2015
It's a small thing.

All the culprit is doing is just including malicious javascript code in his posts, and of course there is no way you would notice without looking through the source code of post pages since the script won't be visible in his posts.

What the admin has been doing is deleting the offending post, banning the poster, and then censoring the offending url (usually from free hosts).
But I wonder if this is sustainable since the culprit can always create a new account, make new posts, and find another free host.

So, in summary, there is no intrusion to the server whatsoever, it's all happening at the front end. This type of XSS attack is like the "I am being a nuisance" type.
The culprit will get tired sooner or later.

...But while we wait for the attacker to get tired, we must consider that this website has big advertisers. If they lose their account to some kid in Yaba, trust for NL will take a hit.
There is only one way to solve this problem once and for all, and I am surprised it hasn't been implemented yet.

1 Like

Re: XSS Attack On Nairaland by nnamdiosu(m): 8:39am On Apr 15, 2015
Grime:
It's a small thing.

All the culprit is doing is just including malicious javascript code in his posts, and of course there is no way you would notice without looking through the source code of post pages since the script won't be visible in his posts.

What the admin has been doing is deleting the offending post, banning the poster, and then censoring the offending url (usually from free hosts).
But I wonder if this is sustainable since the culprit can always create a new account, make new posts, and find another free host.

So, in summary, there is no intrusion to the server whatsoever, it's all happening at the front end. This type of XSS attack is like the "I am being a nuisance" type.
The culprit will get tired sooner or later.

...But while we wait for the attacker to get tired, we must consider that this website has big advertisers. If they lose their account to some kid in Yaba, trust for NL will take a hit.
There is only one way to solve this problem once and for all, and I am surprised it hasn't been implemented yet.

wonderful . bro u seem a pro in ethical hacking. can u pls mentor me?
Re: XSS Attack On Nairaland by Hotspotbro(m): 10:54am On Dec 07, 2021
window.onload="http://www.bet9ja.com"

(1) (Reply)

Nigerian Internet Webmasters Association (NIWA) / How Our Dear Nairaland Looked In The Past (wayback 2005) / Ember Web Development Training At Great Discount With Yemlat

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2022 Oluwaseun Osewa. All rights reserved. See How To Advertise. 46
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.