As any good freelance web developer does, I was browsing my competition’s portfolio earlier this evening. I was curious as to how the layout was done on one of their client’s web pages, so I opened the source. Near the bottom, there were probably 100 links injected into the page. It turns out that they were the victim of a cross-site scripting attack.
I immediately notified the owner, but I’m still pretty excited that I made a discovery like this. You hear about cross-site scripting attacks all the time, but I’ve never actually discovered one.
For those interested, the site in question is: http://www.skydivecms.com/