Sunday, January 20, 2008

Mashable does no research before blogging ?

This was published on JAn 17th thru FD List.

"We were able to find some permanent XSS vectors in dailymotion.com: videos have a 'Title' field, which is not properly filtered and returned to user in certain conditions. So it becomes possible to execute malicious script content when user is searching for a video to add to his mood. You may also test it by entering word 'saugumas' in dailymotion.com video search field.

Screenshots are available here: http://www.critical.lt/?opinions/show/1470"



However MAshable now blogs about this and points to Aviv's post.  But should not the mashable crew do a little bit more research to figure out who really cut the vectors ?

For the record , it was Miroslav Lučinskij, of  Critical Security in Lithuania who  pwned Skype !!

Footnote to Mashable crew : for some reason your comments page hates me "Invalid email/page link or password." :(-




No comments: