Thursday, July 05, 2007

Unmoderated Comments With JavaScript References

We have seen reports from several Bloggers that anonymous posters are making unmoderated comments to their blogs, containing a JavaScript reference, which redirects the reader to another web site. Right now, the reference, and the redirection, appears to be used for pumping up the reputation in individual quotes in QDB.com, but it doesn't require a lot of imagination to see how versatile this vulnerability could be in the long run.

Start by immediately moderating all blog comments, until this vulnerability is fixed.

>> Blogger Employee says
I pass it along (again) and we'll see if we can do anything about this.


>> (Update 7/6 10:00): Blogger Employee says
We made some changes to address the vulnerability issue (yesterday) so this should no longer be a problem.


>> Forum thread links: bX-*00055

>> Copy this tag: bX-*00055

>> Top

1 comment:

jjh said...

I have this problem on my blog, any word from Google if they're doing anything abou t it?