Journal gbulmash's Journal: CSS Trick Hijacks MySpace Pages, Blogs
I got a MySpace friend request this morning. When I clicked over to the person's page, I found that clicking just about anywhere on it sent me to a porn site. Looking at the source, I found that this was accomplished through a simple piece of CSS. Wondering how effective it was, I tried it on my Akismet-protected blog and another and was able to hijack the pages. Seems that anywhere that you allow people to put HTML tags in a comment, unless you're filtering for this, they may be able to hijack the page where the comment is displayed.
CSS Trick Hijacks MySpace Pages, Blogs More Login
CSS Trick Hijacks MySpace Pages, Blogs
Slashdot Top Deals