Flixster Apparently Sells Viagra Online
Popular movie recommendation service Flixster has what appears to be a large security hole in its commenting system. This morning we had over 100 spam emails in our inbox, all of which contained links to Flixster. The links look something like this:
www.flixster.com/friends.do?displayRatings=&friendsUserId=821854498&buy-viagra-online
(do not paste the link into your browser; the page it leads to may carry spyware or worse)
When you visit this link, the Flixster page appears for an instant and, an instant later, is replaced by an order-viagra page. Checking with our security consultants, the hole appears to be a cross-site scripting (XSS) flaw: attacker-supplied content carried in the link is echoed into the Flixster page and executed by the visitor's browser. We were able to duplicate the issue easily but, for obvious reasons, will not share how it is done. We have alerted Flixster staff about the hole and will update this post once we hear back.
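To make the class of bug concrete, here is an added example (not Flixster's code, and not the actual hole, which the post deliberately does not describe) of the reflected-XSS pattern: a page that writes a query-string value straight into its HTML, beside a hardened version that validates and entity-encodes the value. The parameter name, the hostnames and the payload are constructed for illustration only.

```javascript
// Added example, not code from the original post or from Flixster.
// Shows a reflected XSS: a server echoes a query-string value into the page
// without encoding it, so a crafted link makes the visitor's browser run
// attacker script (here, a redirect to a spam page). All names are made up.

// Vulnerable: the parameter is concatenated straight into the markup.
function renderVulnerable(friendsUserId) {
  return `<html><body><h1>Ratings from user ${friendsUserId}</h1></body></html>`;
}

// Entity-encode the characters that let text break out of an HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };
  return String(s).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Hardened: a value that is supposed to be a numeric id is validated as one,
// and whatever does reach the markup is encoded first.
function renderHardened(friendsUserId) {
  if (!/^\d{1,12}$/.test(String(friendsUserId))) {
    // Reject rather than try to "clean" an id that is not an id.
    return '<html><body><h1>Invalid user id</h1></body></html>';
  }
  return `<html><body><h1>Ratings from user ${escapeHtml(friendsUserId)}</h1></body></html>`;
}

// Crude check used for the demo: did a live <script> tag end up in the page?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker link (placeholder hostnames): the id parameter carries a
// script that bounces the visitor to a spam page, like the post describes.
const attackerUrl = 'http://example.com/friends.do?friendsUserId=' +
  encodeURIComponent('821854498<script>location="http://spam.invalid/buy"</script>');
const friendsUserId = new URL(attackerUrl).searchParams.get('friendsUserId');

function demo() {
  return {
    vulnerableRunsScript: containsScriptTag(renderVulnerable(friendsUserId)),
    hardenedRunsScript: containsScriptTag(renderHardened(friendsUserId)),
    hardenedOutput: renderHardened(friendsUserId),
  };
}

console.log(demo());
```

The point of the hardened version is that encoding happens at the place the value is written into HTML, and that an id-shaped parameter is rejected outright when it is not id-shaped; a blocklist of "bad" strings would not have stopped this.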
Compete reports U.S. Flixster traffic for March at 2.5 million unique visitors, down from 5 million in January.
Here's an example of a hacked page: [screenshot missing from this copy]
Thanks for the heads up. Fixed now.
-Saran
Anytime! Glad you were able to get it fixed up.