Exploiting HTML injection woes and Cross-Site Scripting vulnerabilities to get some backlinks is bad advice, really bad advice.
If you discover HTML injection bugs or XSS vulnerabilities you can contact the owners of the site and tell them about the problem, doing responsible disclosure - the DMOZ people are running a forum, bugs can be reported there. After the problem is fixed you can write a blog article if you think that it is really that interesting. Or you remain silent about the vulnerability you have discovered. Publishing the vulnerability without telling the owners is questionable. Writing some tutorial about how to get links out of this existing vulnerability is bad style.
If you discover HTML injection bugs or XSS vulnerabilities you can contact the owners of the site and tell them about the problem, doing responsible disclosure - the DMOZ people are running a forum, bugs can be reported there. After the problem is fixed you can write a blog article if you think that it is really that interesting. Or you remain silent about the vulnerability you have discovered. Publishing the vulnerability without telling the owners is questionable. Writing some tutorial about how to get links out of this existing vulnerability is bad style.