[imc-sf-active] Dangerous Refresh content on comments
mat(a)riseup.net
mat at riseup.net
Fri Sep 22 16:23:47 PDT 2006
Hello, in sf-active 0.9.4 if you put this in the title of a comment, you can
redirect the people browsing the article.
<META HTTP-EQUIV=Refresh CONTENT='0;URL=http://www.indymedia.org'>
This is an example with the redirect to www.indymedia.org but one person has
been spamming argentina site with porn sites redirections.
I put it in a new test article in indy argentina, see it here.
http://argentina.indymedia.org/news/2006/09/443786.php
This is a new comment, but if you put a new comment with this in the title,
the redirect works.
Can this be disabled in the CVS version of sf-active ?
Bye
Mat
More information about the imc-sf-active
mailing list