Hacker News
Advanced JavaScript Injections (brutelogic.com.br)
55 points by known on Dec 13, 2018 | 8 comments



People failing to load the page, note that http://webcache.googleusercontent.com/search?q=cache%3Ahttps... works.


Anyone else getting a 500 error on this?


The page does not open. At first I thought I had compromised the browser with a JavaScript exploit.

curl -v https://brutelogic.com.br/blog/advanced-javascript-injection...

    * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
    < HTTP/2 503
    < server: nginx
    < date: Thu, 13 Dec 2018 16:07:36 GMT
    < content-type: text/html; charset=iso-8859-1
    < content-length: 323
    < x-sucuri-id: 15005
    < vary: Accept-Encoding
    < x-sucuri-cache: MISS
    <
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>503 Service Temporarily Unavailable</title>
    </head><body>
    <h1>Service Temporarily Unavailable</h1>
    <p>The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.</p>
    </body></html>
    * Connection #0 to host brutelogic.com.br left intact


Here's a cached version from Google: https://webcache.googleusercontent.com/search?q=cache:BaMH6h...

Unfortunately it looks like there's a playground for you to try exploiting these vulnerabilities yourself that isn't cached.


Not sure what PHP escape method is used in the example on the server, but shouldn't \" escape to \\\" instead of \\"?
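
The escaping question above, as an added example that is not part of the thread or the linked article: it assumes the server only prefixes double quotes with a backslash and that the value lands inside a double-quoted JavaScript string. All function names are hypothetical and the sample inputs are constructed.

```javascript
// Added example; function names are hypothetical, not from the linked article.

// Assumed server behaviour: only the double quote is prefixed with a backslash.
function escapeQuotesOnly(input) {
  return input.replace(/"/g, '\\"');
}

// Hardened form: escape the backslash first, then the quote.
function escapeBackslashAndQuotes(input) {
  return input.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

// Scan the body of a double-quoted JS string literal the way a lexer would:
// a backslash consumes the next character, an unescaped quote ends the literal.
// Returns the index of the terminating quote, or -1 if the body never ends it.
function findUnescapedQuote(body) {
  for (let i = 0; i < body.length; i++) {
    if (body[i] === '\\') { i++; continue; }
    if (body[i] === '"') return i;
  }
  return -1;
}

// Constructed sample inputs: a plain quote, and the \" sequence from the comment.
const samples = ['"', '\\"'];

// For each sample, show both escaped forms and whether the string is terminated early.
function report() {
  return samples.map((s) => ({
    input: s,
    quotesOnly: escapeQuotesOnly(s),
    quotesOnlyBreaksOut: findUnescapedQuote(escapeQuotesOnly(s)) !== -1,
    hardened: escapeBackslashAndQuotes(s),
    hardenedBreaksOut: findUnescapedQuote(escapeBackslashAndQuotes(s)) !== -1,
  }));
}

console.table(report());
```

In PHP, emitting the value with json_encode() (with JSON_HEX_TAG for inline scripts) avoids hand-rolled escaping of this kind.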


ah the good ol reddi.. err HN hug of death


It's been Slashdotted.


What's the need for this new term? Up to now, the javascript injection orgies were just called web sites.



