Is the Codeforces site vulnerable to XSS attacks?

Revision en4, by nyan101, 2016-10-18 19:22:31

Today, I saw a weird situation on Codeforces. When I entered the site, it showed me the usual site for a moment. But after that, it turned into a blank webpage with only the string "What does this code do?". I saw the webpage's HTML code and found out there's an unusual JavaScript snippet in the blog entry. I thought it's a kind of XSS attack and tried again with the "block javascript" option on (and then I could see the usual site).

I'm not sure why this happened, but I hope this won't last long. If the administrator of Codeforces can see this, please fix it soon.

p.s. The author of that article (with the harmful script) is "10minutemail"; it seems he (or she) used a temporary mail. But I believe that Codeforces' server log can help find out who he/she is.

p.s.2. I'm not sure if "Add Images" works without JavaScript, so I added the imgur link for what I found ( http://imgur.com/a/vSEOT )

History

Rev. | Lang.   | By      | When                | Δ   | Comment
en4  | English | nyan101 | 2016-10-18 19:22:31 | 133 |
en3  | English | nyan101 | 2016-10-18 19:19:37 | 8   |
en2  | English | nyan101 | 2016-10-18 19:19:09 | 142 |
en1  | English | nyan101 | 2016-10-18 19:16:48 | 682 | (published)