Paid Advertising is
ha.ckers sla.cking
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Classifieds site allows full html/javascript
Posted by: tadaka
Date: November 28, 2007 07:15PM

I recently started running some free ads on a local TV/Radio station's website and found I was able to add some minor html. Mostly just some href's and font stuff. I hated their lack of tracking functionality, so I added my google analytics info into the ad. It works perfectly and I can see how often my ad is viewed, etc.

So as long as someone have an email address and some other basic information they can create free ads full of anything they want. Nothing particularly earth shattering to exploit needed, since it lets you do just about anything.

Emails to the webmaster, etc have gone unanswered. So far no improvements to the site either. :-/

Options: ReplyQuote
Re: Classifieds site allows full html/javascript
Date: November 28, 2007 07:46PM

sweet free shit!

Options: ReplyQuote

Sorry, only registered users may post in this forum.