Hacker News new | comments | show | ask | jobs | submit login

From the dignostics page (http://www.google.com/safebrowsing/diagnostic?site=http://ph...):

>> Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/.

What does this mean? How do these sites relate to php.net?

Probably javascript files planted on php.net are being pulled from servers behind those domains.

php.net allows users to post answers and examples of code throughout the website. Likely, one of the submission forms has/had a hole that allowed someone to submit or alter actual JS code.

This seems like a pretty darn good example of cross-side scripting... and possibly someone not sanitizing inputs?

No, not at all.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact