Anyone ever...
Posted by: Linus
Date: August 23, 2007 06:56PM

Had a look at stickam lately?
http://www.stickam.com/profile/linusm
I am very proud of my purdy profile.

Basically, there are no limits on stylesheets. You can break out of the layout by adding in unclosed tags within comments; stickam will auto-close these and break the layout for you, and I hear you can easily add XSS to the profiles in similar ways (I'm not even sure if <script> is blocked, never bothered).

Absolutely horrid. =)
I contacted their support team about it ages ago and got no reply, so this feels valid. Hopefully something'll get done this way.


Linus
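The failure mode described in the post (a sanitizer that "auto-closes" tags it finds inside HTML comments, so a stray closer leaks out and shuts the site's own layout container) beside a fixed version that tokenizes properly and allow-lists tags. This is an added illustration, not stickam's code or anything from the thread; the sample markup, the tag allowlist and the function names are constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: an unclosed <div> hidden inside a comment, as the post describes.
SAMPLE = '<p>hello</p><!-- <div style="position:absolute"> --><b>bio</b>'

ALLOWED_TAGS = {"p", "b", "i", "br"}  # hypothetical allowlist, no attributes kept


def naive_autoclose(markup):
    """Regex tag counter that never skips comments: it 'closes' the commented-out
    <div>, and the browser (which ignores the comment) sees a stray </div> that
    closes the surrounding page layout instead."""
    open_tags = []
    for m in re.finditer(r"<(/?)([a-zA-Z]+)[^>]*>", markup):
        closing, name = m.group(1), m.group(2).lower()
        if closing:
            if name in open_tags:
                open_tags.remove(name)
        elif name != "br":
            open_tags.append(name)
    return markup + "".join(f"</{t}>" for t in reversed(open_tags))


class AllowlistSanitizer(HTMLParser):
    """Real tokenizer: comments arrive as a separate event and are dropped, only
    allow-listed tags survive (attributes such as style are discarded), and
    closing is balanced against what was actually emitted."""
    def __init__(self):
        super().__init__()
        self.out, self.stack = [], []
    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")
            if tag != "br":
                self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag in self.stack:          # close everything opened after it too
            while self.stack:
                t = self.stack.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break
    def handle_data(self, data):       # text (incl. <script>/<style> bodies) is escaped
        self.out.append(html.escape(data, quote=False))
    def handle_comment(self, data):    # nothing inside a comment can be "closed"
        pass


def sanitize(markup):
    p = AllowlistSanitizer()
    p.feed(markup)
    p.close()
    while p.stack:                     # balance leftovers inside the user's fragment
        p.out.append(f"</{p.stack.pop()}>")
    return "".join(p.out)
```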
