XSS Attack On Nairaland - Webmasters - Nairaland


XSS Attack On Nairaland by Superstar007(op): 4:50pm On Apr 14, 2015
The second page of the post "Ngozi Okonjo-Iweala Captured With APC Leaders At The Airport" keeps redirecting to a link that requires one to input their username and password. The link to the page is

https://www.nairaland.com/2255864/ngozi-okonjo-iweala-captured-apc/1

Attached below is a screenshot of this attack.
Seun, please take note.

Re: XSS Attack On Nairaland by Enegod(m): 5:13pm On Apr 14, 2015
This is serious!
Re: XSS Attack On Nairaland by 100ksalescom(m):
Seun oooo.

You people have annoyed the guy.
See what he said in the pic I attached and underlined in red.
Nigerians can talk, though...

But on a serious note, I think if Seun adds some request filtering to his web config it would solve the issue.
That way you sanitize what's going into the system first.

Other webmasters, please feel free to contribute.
Or is it only WordPress and Blogger you people know how to install?

Re: XSS Attack On Nairaland by Grime:
It's a small thing.

All the culprit is doing is just including malicious JavaScript code in his posts, and of course there is no way you would notice without looking through the source code of post pages since the script won't be visible in his posts.

What the admin has been doing is deleting the offending post, banning the poster, and then censoring the offending URL (usually from free hosts).
But I wonder if this is sustainable since the culprit can always create a new account, make new posts, and find another free host.

So, in summary, there is no intrusion to the server whatsoever, it's all happening at the front end. This type of XSS attack is like the "I am being a nuisance" type.
The culprit will get tired sooner or later.

...But while we wait for the attacker to get tired, we must consider that this website has big advertisers. If they lose their account to some kid in Yaba, trust for NL will take a hit.
There is only one way to solve this problem once and for all, and I am surprised it hasn't been implemented yet.
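
Added illustration, not part of the thread and not Nairaland's code: the sanitising idea and the invisible-script behaviour described in the posts above, shown as a post renderer that escapes all HTML first and then re-enables a small BBCode whitelist. The tag set, function names and sample post are assumptions constructed for this example.

```python
import html
import re

# Hypothetical BBCode whitelist (assumption, not the forum's real tag set).
SIMPLE_TAGS = {"b": "strong", "i": "em"}
SIZE_RE = re.compile(r"\[size=(\d{1,2})pt\](.*?)\[/size\]", re.S)
URL_RE = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.S)

# Constructed sample post: formatting, an injected script tag, a script-scheme link.
SAMPLE = ('[b]Breaking[/b] news<script src="https://example.invalid/x.js"></script> '
          '[url=javascript:alert(1)]click[/url]')


def render_unsafe(post: str) -> str:
    """The 'before': raw post text placed in the page, so its markup is live."""
    return "<div class='post'>" + post + "</div>"


def _link(match: re.Match) -> str:
    url, label = match.group(1), match.group(2)
    # Only http(s) targets become links; any other scheme is dropped, label kept.
    if not re.match(r"https?://", url, re.I):
        return label
    return f'<a href="{url}" rel="nofollow noopener">{label}</a>'


def _size(match: re.Match) -> str:
    points = min(int(match.group(1)), 24)  # cap so a post cannot swamp the page
    return f'<span style="font-size:{points}pt">{match.group(2)}</span>'


def render_safe(post: str) -> str:
    """Escape everything first, then re-introduce only whitelisted formatting."""
    out = html.escape(post, quote=True)  # <, >, &, " and ' become entities
    for bb, tag in SIMPLE_TAGS.items():
        out = re.sub(rf"\[{bb}\](.*?)\[/{bb}\]", rf"<{tag}>\1</{tag}>",
                     out, flags=re.S)
    out = SIZE_RE.sub(_size, out)
    out = URL_RE.sub(_link, out)
    return "<div class='post'>" + out.replace("\n", "<br>") + "</div>"


if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```

Because escaping happens before any tag is re-enabled, the only HTML that reaches the page is what the renderer itself emits; the script tag in the sample shows up as visible text instead of running.
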
Re: XSS Attack On Nairaland by nnamdiosu(m): 8:39am On Apr 15, 2015
Wonderful. Bro, you seem a pro in ethical hacking. Can you please mentor me?