You know, I always wondered if the way tumblr handled external video embeds could lead to malicious code execution.

Mon Dec 3, 11:56 AM

As it turns out: Yup.

(If you look closely the way tumblr fixed the worm problem for now is by disabling the posting of videos.)

Posted on
  1. bbbrad reblogged this from jhermann and added:
    I fucking loved that audio sequencer thing.
  2. jhermann reblogged this from ex-genius and added:
    Totally. “Enter a URL to a popular hosting site. Or, like, any code you want. Just put it in an EMBED wrapper and we’ll...
  3. ex-genius posted this