Story about dealing with a hack/attack?

Week 93 Group Rant

kiki

6y

One of our teachers developed a website for our university about three years ago. That was something like assignments management system + social network + schedule, everything in the world as one website.

It seemed like he didn't put any code escaping at all. Injected a block of CSS that made the entire page slowly fade away when some user tried to look at my page. Other teachers stared at it as if it was pure magic, doubting their sanity.

Still isn't fixed btw :)

rant

wk93

Ranter

Comments

8

DjSall

1599

6y

"doubting their sanity" has me cracking up hahahhaha. Thanks dude. CSS animations can be fun
4

mckms

32

6y

My school also does something similar where they just allow you to put pure html into your profile. I let the <script> tags run wild!
1

aritzh

756

6y

Mine cryptos!!
1

kiki

33190

6y

@aritzh there's already a css keylogger, let there be a css cryptocurrency miner :)
1

aritzh

756

6y

@uyouthe can you not inject JS if you injected CSS?
1

kiki

33190

6y

@aritzh of course yes, but just imagine mining coins with css

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service