Comments on: Create your own Engadget sub domains http://www.blogstorm.co.uk/make-your-own-engadget-subdomains/ Internet marketing and search engine optimisation Fri, 27 Jan 2012 13:42:03 +0000 hourly 1 http://wordpress.org/?v=3.1 By: Patrick Altoft http://www.blogstorm.co.uk/make-your-own-engadget-subdomains/#comment-181 Patrick Altoft Sat, 30 Jun 2007 16:50:02 +0000 http://www.blogstorm.co.uk/newblog/make-your-own-engadget-subdomains/#comment-181 Andrew, I'm not trying to do an XSS attack. Just having a bit of fun with the fact Engadget doesn't validate their input.<br /> <br /> My post makes no mention of injections or XSS.<br /> <br /> The point is that if somebody else can come along and create an unlimited number of blank pages on your site you are at risk of some serious Google penalties. <BR>Wendy, I know some people in the US are taking a long weekend this weekend as well but you are quite right.<img src="http://www.blogstorm.co.uk/images/icon_smile.gif" alt="Smile"> Andrew, I’m not trying to do an XSS attack. Just having a bit of fun with the fact Engadget doesn’t validate their input.

My post makes no mention of injections or XSS.

The point is that if somebody else can come along and create an unlimited number of blank pages on your site you are at risk of some serious Google penalties.

Wendy, I know some people in the US are taking a long weekend this weekend as well but you are quite right.Smile

]]> By: wendy http://www.blogstorm.co.uk/make-your-own-engadget-subdomains/#comment-179 wendy Sat, 30 Jun 2007 11:18:32 +0000 http://www.blogstorm.co.uk/newblog/make-your-own-engadget-subdomains/#comment-179 people in the states are away Next weekend, not this. 4th of july and the 4 days following... people in the states are away Next weekend, not this. 4th of july and the 4 days following…

]]> By: andrew http://www.blogstorm.co.uk/make-your-own-engadget-subdomains/#comment-178 andrew Sat, 30 Jun 2007 10:40:51 +0000 http://www.blogstorm.co.uk/newblog/make-your-own-engadget-subdomains/#comment-178 How is this injecting anything, you're simply making use of a wildcard entry in the vhosts configuration. Those files don't actually exist, it's just the URL you're entering. They're not putting that information back out on the page, so you've got no chance of an XSS or injection style attack. How is this injecting anything, you’re simply making use of a wildcard entry in the vhosts configuration. Those files don’t actually exist, it’s just the URL you’re entering. They’re not putting that information back out on the page, so you’ve got no chance of an XSS or injection style attack.

]]>