In addition to censoring photos of state oppression, Flickr can't understand a basic XSS report
Update: Mea culpa; after several back and forths, the problem was with my site (which i was not hosting myself). Their corporate policy of "to hell with activists" still sucks though.
Hello,
Thank you for contacting Flickr Member Support.
I am sorry, but I am not clear about what your problem is.
We'll be happy to look into this matter for you. To do so, we'll need the following information:
- A detailed description of the exact steps taken that led to the problem you're experiencing
- The full and exact text of any error messages you received
- The Web address of the page you are seeing the issue on
- Flickr account Web address
Thank you again for contacting us. If you have any other questions, please feel free to reply to this email.
Regards,
Jake
An utter form letter with nothing applicable at all. My report did include my account and the page i was seeing it on (one and the same) and of course the problem is not an error message but a JavaScript hijacking of a link.
I had reported that a Google security alert was fake, at a "googlle.in" page, which if clicked through does indeed threaten a redirect to a highly suspicious address, with helios-krefeld.de, addfreeprotectionth.cz.cc, and rdr.cz.cc in the browser history.
Let's see if i can be really really clear, and not confuse with the list of domains involved in the hijacking.
Hello Jake,
There is a Cross-site scripting attack on my flickr page, http://www.flickr.com/people/ben-agaric/
With JavaScript enabled, click on the link to People Who Give a Damn ( http://pwgd.org ) -- it will instead take you to a fake Google alert.
Please secure your site immediately.
Thank you.
benjamin
Comments
what's with pwgd.org?
Hi Benjamin
Have your DNS records been hijacked or has your registrar taken over an expired domain? Typing in pwgd.org manually still leads to some BS webpage, and an nslookup reports 205.134.239.167, which while better, doesn't appear to be pwgd.org
I would be interested to find out more about the organization if I can get to the site...
i was wrong
He was right.