Блог пользователя nyan101

Автор nyan101, история, 8 лет назад, По-английски

Today, I saw an weird situation in Codeforces. When I enter the site, it showed me a usual site for a moment. But after that, it turned to blank webpage with only a string "What does this code do?". I saw the webpage's HTML code and found out there's an unusual javascript snippet in the blog entry. I thought it's kind of an XSS attack and tried again with "block javascript" option on.(and then I could see the usual site)

I'm not sure why this happened, but hope this won't last long. If the administrator of the Codeforce can see this, please fix it soon.

p.s. The author of that article(with harmful script) is "10minutemail", it seems he(or she) used a temporal mail. But I believe that Codeforces' server log can help find out who he/she is.

p.s.2. I'm not sure if the "Add Images" work without Javascript, so I add the imgur link for what I found ( http://imgur.com/a/vSEOT )

  • Проголосовать: нравится
  • +76
  • Проголосовать: не нравится

»
8 лет назад, # |
  Проголосовать: нравится +15 Проголосовать: не нравится

Not sure but I guess someone read your blog and exploited this vulnerability shortly afterwards. Until around 5 minutes before I saw message "Codeforces is experiencing some technical difficulties. Please wait." even though problem pages and direct links worked fine. The message was only on homepage in an extremely unusual(in terms of UI) way similar to the "who does the code do?" Message you show. image. Would be great if someone(maybe from CF team) could explain further.

  • »
    »
    8 лет назад, # ^ |
    Rev. 2   Проголосовать: нравится +11 Проголосовать: не нравится

    oh.. I couldn't consider such case, it's my fault if some malicious users exploited that vulnerability. I thought reporting that there is a person who did attack to CF was the most urgent thing and that thought made me write this careless blog.(I also emailed and sent a message to Mike Mirzayanov, but I wasn't sure which is the fastest way to contact with him.)

    thank you for the indication.