The Script Kiddie Cookbook

When a script kiddie injects a chunk of javascript or a frame into a website, it generally gets fixed pretty quickly and everyone laughs about it. Maybe developers should think twice – those XSS exploits can cause a lot of harm, as detailed here.

I just got though jumping through hoops, getting special characters stripped from forms galore in an app. It was a pain in the butt, and the whole time I was thinking “who cares” if someone sticks a random reference to some other site, or a smiley faced pop-up. I did the work anyway, but I certainly won’t be shrugging off the risks anymore.

***UPDATE***

Brian Krebs has uncovered a few big sites that are affected by XSS. The NSA? Heh.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.