WillieStevenson on Feb 1, 2016

It's broken.

This URL is polled, but it never returns anything: https://livesshattack.net/LongPoller.php?num=0

Also, it has an XSS vulnerability. I would not visit the site.

Yep, I got a pop-up alert from Chrome a few minutes ago saying "really?".

EDIT: ... and another one. Screenshot: http://i.imgur.com/V708b9l.png

Vulnerable to XSS :( Escape output, especially if you expect people to attack you.

Someone fired a JavaScript alert while I was there.


I just flagged this due to the stored cross-user XSS vector. Doubt anyone will drop 0day on this, but the alerts are annoying, and someone will probably play sound.

You mean tailf, right?

From "man tailf": 'tailf is deprecated. It may have unfixed bugs and will be removed in March 2017. Nowadays it's safe to use tail -f (coreutils) in contrast to the original documentation below.'
