XSS – Cross Site Scripting flaw at Google

Via Slashdot, Web Security posted a message about a cross-site scripting vulnerability at Google:

Two XSS vulnerabilities were identified in the Google.com website, which allow an attacker to impersonate legitimate members of Google’s services or to mount a phishing attack. Although Google uses common XSS countermeasures, a successful attack is possible, when using UTF-7 encoded payloads.
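
Why HTML escaping alone does not cover UTF-7 input, as an added Python example that is not from the advisory or from Google's code. The `reflect` handler, the sample string and the audit helper are constructed for illustration, and the example assumes the response declares no charset, the general condition under which a client may guess UTF-7; the post does not say which Google pages were affected.

```python
import html
import re
from email.message import Message

# Constructed sample input: harmless bold markup spelled with UTF-7 shift
# sequences (+ADw- is "<", +AD4- is ">"), so it holds no ASCII metacharacters.
SAMPLE = "+ADw-b+AD4-reflected+ADw-/b+AD4-"

UTF7_RUN = re.compile(r"\+[A-Za-z0-9+/]+-?")


def reflect(value):
    """Hypothetical handler: echo user input after standard HTML escaping."""
    return "<p>No results for " + html.escape(value) + "</p>"


def declared_charset(content_type):
    """Return the charset parameter of a Content-Type value, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_content_charset()


def as_utf7(body):
    """Show what a client that guesses UTF-7 would parse from the body."""
    return body.encode("utf-8").decode("utf-7", errors="replace")


def audit_response(content_type, body):
    """List findings for a response that leaves the encoding to the client."""
    findings = []
    if declared_charset(content_type) is None:
        findings.append("no charset declared")
        if UTF7_RUN.search(body) and as_utf7(body) != body:
            findings.append("body reads differently under UTF-7")
    return findings


if __name__ == "__main__":
    page = reflect(SAMPLE)
    print(page)                 # escaping left the input untouched
    print(as_utf7(page))        # the same bytes read as UTF-7
    print(audit_response("text/html", page))
    print(audit_response("text/html; charset=UTF-8", page))
```

Declaring the charset on every response, as in the last call, removes the guess that the escaping cannot account for.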

One of the links in the Slashdot submission is described by Phosphor3k as:

Someone [who] is trying to get their Pagerank up by submitting the story with a name of “Security Test” and linking to their shoddy website. The site has only a few links, no content, and it says the page is for sale. Will slashdot ever get their shit together and stop posting submissions with blatant pagerank-whoring links like this?

We covered spam sites getting slashdotted earlier . . . so it must not be that difficult. If you have a compelling and timely story, you can often include a link to one of your sites and get it past the mods if the destination page looks legitimate. To me, this is the ultimate in link dumping.

