
Posts Tagged ‘hacked’

A little demonstration of how to use Textile and Django's (free)comment system to “take over” a site:

%{display: block; position: absolute !important; top: 25px; left: 25px; z-index: 100; background-color: red; font-size: 50px;}Your text here ... site hacked%

Textile allows CSS by default -> you can do anything with CSS -> so it’s quite easy to position any amount of HTML code anywhere on the site… Bad Textile!!! Give it a try and post the code example from above on your favorite Textile-powered site.

Apart from being a fun hack, it could be used to exploit users by overloading links so that they point to phishing sites. So don’t allow untrusted people to use Textile markup!
