diblix's wall

Found an XSS vulnerability in diblix: https://diblix.com/profile?id=167

You can run arbitrary JavaScript, which is obviously not good

do you know how to prevent it?

Either use a regex so you can't use arbitrary characters in a username (best solution) or set element.innerText instead of element.innerHTML

well, in beta 2.0 you can only use letters, numbers and underscores, so I think that solves it

if I were you I would advertise my diblix profile for some easy subs on wasteof

might be a bit different now lol
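
The two fixes suggested in the thread above (an allowlist regex for usernames, and assigning text instead of HTML), as an added example that is not part of the thread or diblix's own code. The function names, the sample inputs and the 32-character limit are assumptions.

```javascript
// Added example: constructed names and inputs, not diblix's code.

// Allowlist from the thread: letters, numbers and underscores only.
// The ^ and $ anchors matter: without them the regex accepts any string
// that merely contains one allowed character somewhere.
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/; // 32 is an assumed length limit

function isValidUsername(name) {
  return typeof name === "string" && USERNAME_RE.test(name);
}

// Unanchored variant, shown only to illustrate the common mistake.
function isValidUsernameUnanchored(name) {
  return /[A-Za-z0-9_]+/.test(name);
}

// Output encoding for cases where a string must be placed into HTML markup.
// A single pass over the input, so already-produced entities are not re-escaped.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Second option from the thread: assign text, never markup.
// `element` is any DOM node. textContent (like the innerText mentioned in the
// thread) stores the string as text and does not parse it as HTML.
function renderUsername(element, name) {
  element.textContent = name;
  return element;
}

// Constructed sample inputs: one valid name, three that must be rejected.
const samples = ["cool_user_42", "a<script>", "bob smith", ""];
for (const s of samples) {
  console.log(
    JSON.stringify(s),
    "anchored:", isValidUsername(s),
    "unanchored:", isValidUsernameUnanchored(s),
    "escaped:", escapeHtml(s)
  );
}
```

The allowlist belongs on the server at registration and rename time, and the text-only rendering should stay in place as well, since names stored before the rule was introduced are not covered by it.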