Deadsimple.me – Low Noise Single Page Websites (deadsimple.me)
18 points by corruptnetwork on Sept 12, 2011 | 8 comments
sweis on Sept 13, 2011
Howdy. I think this is vulnerable to cross-site scripting. For example:
http://deadsimple.me/foobar/
ElbertF on Sept 13, 2011
Yup, the cookie isn't limited to your path. What's even worse, when logged in you can edit any page:
http://deadsimple.me/foobar/?edit
corruptnetwork on Sept 13, 2011
Well, you can edit pages which are NOT password protected from the owner. That's fine.
sweis on Sept 13, 2011
I tried to password-protect the page in question. It may not be working properly.
corruptnetwork on Sept 13, 2011
Alright, issue should be solved now. Try yourself! Thanks.
sweis on Sept 13, 2011
Well, that makes the XSS vulnerability kind of moot.
hollerith on Sept 13, 2011
How is this different from Jottit?
corruptnetwork on Sept 13, 2011
Jottit is overfeatured.