-
Website
http://technosailor.com -
Original page
http://technosailor.com/2006/09/22/democracy-plugin-xss-vulnerability-alert/ -
Subscribe
All Comments -
Community
-
Top Commenters
-
AndyBeard
7 comments · 4 points
-
Rob
12 comments · 101 points
-
GeekMommy
4 comments · 15 points
-
chrisbachmann
5 comments · 1 points
-
chrispian
4 comments · 1 points
-
-
Popular Threads
Is it to prove it's existence?
Most people tend to think, "Aww, a hack will never happen to me". The point of this exercise was to demonstrate how very simple it is. Maybe demonstration will cause folks to be cautious regarding plugins they use.
Surely just saying what you have and omitting the actual exploit would be the way to go?
This one is a very insidious exploit.
I've a challenge. If it will be accepted.
Can you hold the author liable for any problems, even though his software is free? I'm not sure that it's fair to do so.
I may feel differently if one of my sites had been hacked - that'll certainly give you a different perspective on the matter. Either way, it's necessary to post the expoit so that a fix can be produced, whether by the author or someone else. Good to see that the author did come up with a fix, so that people had a solution instead of a freak-out period of waiting.
You need to update plugin. You can take Subscribe To Comments 2.0.5 from my MustLive Security Pack v.1.0.4 or download last version (Subscribe To Comments 2.0.8) from developer's site.