Wednesday, July 26, 2006

AOL Fixes Netscape.com XSS Hack

Nate Mook writes on BetaNews:

AOL's newly launched user-driven Netscape.com fell victim to a cross-site scripting (XSS) attack early Wednesday, the result of the site not properly sanitizing submitted news stories. Visitors to Netscape.com encountered crude pop-up messages and redirects to rival site Digg.

The problem stemmed from inadequate filtering of stories, which did not strip out JavaScript code that exploited an XSS issue. "The site was never compromised," an AOL spokesperson told BetaNews. "The issue lasted a couple hours before it was fixed." The company says it does not believe any malicious code was submitted during that timeframe.

More here.

0 Comments:

Post a Comment

<< Home