z4120's blog

By z4120, 3 years ago

Try clicking this link (the domain is codeforces.com)

How I discovered this

UPD: The bug is fixed now; however, there's another (see the comment below).


» 3 years ago, Rev. 2

Thanks for the super quick fix, but it's still impossible to preview a post with one of <>" in the title.

That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.

(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)
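The cited question, whether escaping only < and > is enough, can be checked mechanically. This is an added example, not part of the original post or comment and not Codeforces code. It assumes the title is echoed into a double-quoted attribute of the preview form, which the thread does not state, and all function names are hypothetical.

```javascript
// Added example; every function name here is hypothetical, not Codeforces code.

// Weak: escapes only angle brackets (the approach the cited question asks about).
function escapeAnglesOnly(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Encoder for HTML text and quoted attribute values.
// "&" goes first so the entities produced afterwards are not re-encoded.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Inverse of escapeHtml; "&amp;" is decoded last so "&amp;lt;" becomes "&lt;".
function unescapeHtml(s) {
  return s.replace(/&#39;/g, "'").replace(/&quot;/g, '"').replace(/&gt;/g, ">")
          .replace(/&lt;/g, "<").replace(/&amp;/g, "&");
}

// Assumed preview markup: the title is echoed into a double-quoted attribute.
function renderTitleInput(title, encode) {
  return '<input name="title" value="' + encode(title) + '">';
}

// A double-quoted attribute value ends at the first raw '"', so read it that way.
function parsedValue(html) {
  const start = html.indexOf('value="') + 'value="'.length;
  return unescapeHtml(html.slice(start, html.indexOf('"', start)));
}

// True when the parsed attribute value equals the title the user typed.
function staysInAttribute(title, encode) {
  return parsedValue(renderTitleInput(title, encode)) === title;
}

// Constructed sample titles containing the characters named in the comment.
const samples = ['Round "A" <beta> & more', "a&lt;b", "plain title"];
for (const t of samples) {
  console.log(JSON.stringify(t),
    "angles-only:", staysInAttribute(t, escapeAnglesOnly),
    "full:", staysInAttribute(t, escapeHtml));
}
```

Encoding on output keeps titles containing <, > or " previewable instead of rejecting them.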