|
|
|
|
|
|
by mauvehaus
4872 days ago
|
|
|
And now you have me wondering if your comment gets a new id when you update it. If so, convincing people to execute random javascript code could be a good way to build karma. Let's find out :-) $('#up_5210561').click() EDIT: Comment id's remain the same when you update them. Now for the social engineering aspect... |
|
|
Social engineering would be more difficult, I seem to remember that Chrome prevents javascript strings from being pasted into it's URL (you can still type them), in order to prevent attacks just like this. There was a number of attacks on Facebook that involved asking users to copy and paste a dodgy looking javascript string into a Facebook tab in order to "win" something. Of course it just spammed posts and stole session information, but it was still an interesting attack.