While trying to use the ‘search’ feature on Digg, I realized that it is vulnerable to Cross Site Scripting (XSS). The search string is echoed back without proper output encoding. Example:

I haven’t checked to see if the comments or new story submission modules are affected – if they are, things could get pretty messy. I have contacted the Digg team about this; let’s hope they fix it soon.
Update: They fixed it this morning.
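As an added illustration that is not from the post or from Digg’s code, here is the difference between echoing a search term raw and encoding it for the HTML context it lands in. The function names and the sample queries are my own constructions.

```python
import html


def render_search_vulnerable(query: str) -> str:
    """The pattern described above: the search string is echoed into the page as-is."""
    return f"<h2>Search results for: {query}</h2>"


def render_search_hardened(query: str) -> str:
    """Same page, but the search string is encoded for the contexts it is reflected into."""
    # Body text context: & < > must be encoded. quote=True also encodes " and ',
    # which is what keeps the value inside a quoted attribute below.
    safe_text = html.escape(query, quote=True)
    # The term is also echoed back into the search box, so the attribute is
    # always quoted and receives the same encoded value.
    return (
        f'<form><input name="q" value="{safe_text}"></form>'
        f"<h2>Search results for: {safe_text}</h2>"
    )


def reflects_raw_markup(rendered: str, query: str) -> bool:
    """Review check: does a query containing markup characters appear verbatim in the output?

    True means the page reflects the input without output encoding.
    """
    has_markup_chars = any(ch in query for ch in "<>\"'&")
    return has_markup_chars and query in rendered


if __name__ == "__main__":
    # Constructed sample query: harmless bold tags, enough to show the difference.
    sample = "<b>pizza</b>"
    for name, render in (("vulnerable", render_search_vulnerable),
                         ("hardened", render_search_hardened)):
        page = render(sample)
        print(f"{name}: reflects raw markup = {reflects_raw_markup(page, sample)}")
        print(f"  {page}")
```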
According to this posting on the Full Disclosure mailing list, Papa John’s Pizza’s web-based e-mail system was not password protected for a while. They have since fixed the problem, but Google currently has the information in its cache. The following Google query will let you see these e-mails (click on the ‘Cached’ links):
Now try the following query to find the more interesting e-mails:
Update: Google cache no longer contains the above information.
This page contains all entries posted to Nitesh Dhanjani in November 2005. They are listed from oldest to newest.