I'd just like to point out that I defanged that exploit about 1 min after it went live - just before you deleted it.
I just wanted to check it was a real XSS before I reported it.
And yay! The exploit is live and working on the front page.
Question: is there a XSS in the "Side Bar WTF" widget on the front page of the main Daily WTF site? The previous post about <filename>.dmg showed up on the main site with the <filename> bit not escaped, which makes me wonder how this post will show up.
Also: What is it with blocking Mailinator email addresses? It's not like I'm going to trust my real email address to the people who wrote this...