
We’re not sure if this is directly related to the Ajax exploit we posted about, but it’s interesting to see the point proven that security shouldn’t be forgotten in the name of “Web 2.0”.
Apparently it was as simple as them not validating any input on their posts/comments, as reported here. This is similar to the technique used back when MySpace incurred a similar fate (Samy will always be my hero).
It also seems the creators knew about this months ago but decided it wasn’t a priority, bummer.
Here is the actual post on reddit where users figured it out. There haven’t been any malicious hack attempts as of yet, but if they don’t fix it soon you can bet there will be.


