Digg Hackable?
Thank you for contributing to my experiment
Read below to find out how you contributed
OK, I watched History of Hacking this morning and felt the urge to try to use my minimal ‘hacking’ skills. I got around to trying to find XSS (cross-site scripting) holes in Digg, and found one pretty quickly…

Easy! OK. Now what can we do?
I came up with the idea to try to craft a URL and see what kind of things I could do from JavaScript. First thing I tried was to Digg a story with it. To my knowledge you can’t, because the function requires a unique hash and I didn’t have access to that hash since the hole wasn’t on the main page. But you can do comments from forced forms and some other stuff =].
*Crosses fingers*…
What did you do, you ask? Well, when you came here, if you were logged in, you might have been a victim of XSS.
Again, thank you for your time.
PS. STAY TUNED TO SEE WHAT HAPPENS NEXT =]. I assure you, you will want to.