PDA

View Full Version : Cross site scripting attack flagged !



G0DZB
27th Jun 2015, 09:32
"NoScript" just flagged a Cross site scripting attack from http://www.arpoc.org/activations/326-june-28h-sunday-river.html It seems to be something to do with "s7.addthis.com"

THis is in the NoScript consol log ...

"




.d8888b. 888 888
d88P Y88b 888 888
Y88b. 888 888 This is a browser feature intended for
"Y888b. 888888 .d88b. 88888b. 888 developers. If someone told you to copy
"Y88b. 888 d88""88b 888 "88b 888 and paste something here to enable a
"888 888 888 888 888 888 Y8P Facebook feature or "hack" someone's
Y88b d88P Y88b. Y88..88P 888 d88P account, it is a scam and will give them
"Y8888P" "Y888 "Y88P" 88888P" 888 access to your Facebook account.
888
888
888

For more information, see https://www.facebook.com/selfxss.
"

HTH

M0LMK
27th Jun 2015, 17:30
Thats interesting. the addthis plugin is disabled so it shouldn't be doing anything!

I'll take a look in to it.

M0LMK
28th Jun 2015, 18:46
Looks like this is a common problem with the addthis script.

The script is safe and seems to load on every page (strange how the warning only comes up on that page though). We don't use it here anyway so I have removed it just to be sure we are all safe.

Good catch Peter. Please let me know if the error is gone.