Submitted by greggles on
A friend pointed out the relatively hilarious site devsigh.com where developers can commiserate about the stupid things they have to do. I noticed that the upvote mechanism was vulnerable to a Cross Site Request Forgery (it's the kind of thing I notice when browsing around, like on tumblr).
So, I created a "sigh" pointing to some documentation for how to avoid CSRF, and then I put the upvote into an image in the footer of this site to drive votes.
Note that I didn't put any width/height parameters on that, nor did I use css to make it display:none.
So, my sigh got a few hundred upvotes and I'm sure that made them wonder about it, find that the problem was coming from this site, and instead put a hilarious image at the URL for the upvote, which meant it got included in my footer. They also fixed the CSRF by using a per-vote token.
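As an added illustration (not code from the original post or from devsigh.com), here is a minimal model of an upvote handler before and after the per-vote token fix: the cookie-only version counts the request a footer `<img>` triggers, while the token version rejects it because the token only appears in the page rendered for the voter's own session. The request shape, in-memory session store and HMAC token construction are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-ins for the site's session store and vote table.
SESSIONS = {}   # session id (cookie value) -> per-session secret
VOTES = {}      # sigh id -> upvote count


def new_session():
    """Log a browser in: mint a session cookie backed by a random secret."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_bytes(32)
    return sid


def vote_token(sid, sigh_id):
    """Per-vote token embedded in the upvote link when the page is rendered.
    Bound to this session and this sigh, so a token copied from another
    session, or minted for another sigh, does not verify."""
    msg = f"upvote:{sigh_id}".encode()
    return hmac.new(SESSIONS[sid], msg, hashlib.sha256).hexdigest()


def upvote_vulnerable(req):
    """Before the fix: any request carrying a valid session cookie counts.
    An <img> pointing at the upvote URL on some other site makes the victim's
    browser send exactly such a request, cookie included."""
    if req.get("cookie") not in SESSIONS:
        return False
    sigh_id = req["params"]["sigh"]
    VOTES[sigh_id] = VOTES.get(sigh_id, 0) + 1
    return True


def upvote_protected(req):
    """After the fix: the request must also carry the per-vote token for this
    session. The image-triggered request cannot, because the third-party page
    never saw the victim's rendered upvote link."""
    sid = req.get("cookie")
    if sid not in SESSIONS:
        return False
    sigh_id = req["params"]["sigh"]
    supplied = str(req["params"].get("token", "")).encode()
    expected = vote_token(sid, sigh_id).encode()
    if not hmac.compare_digest(supplied, expected):   # constant-time compare
        return False
    VOTES[sigh_id] = VOTES.get(sigh_id, 0) + 1
    return True
```

Checking the Origin or Referer header, or requiring POST, would add defence in depth, but neither replaces the token: the image request shown here is rejected purely because it lacks a token bound to the victim's session.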
Well done, devsigh.com.