Jump to content

  • Log In with Google      Sign In   
  • Create Account

Potential HTML/Javascript injection exploit with source tags (3)


Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.


  • You cannot reply to this topic
4 replies to this topic

#1   Moderators   

Posted 23 June 2012 - 01:02 PM

[source lang="cpp"]"/><style type="text/css">div#trolol { position: absolute; left: 0; top: 0; width: 100%; height: 100%; background-color: rgba(255,128,0,0.5);}</style><script type="text/javascript">function b() { return confirm("You mad, bro?");}function a() { var div = document.createElement("DIV"); div.setAttribute( "id", "trolol" ); div.onclick = b; document.body.appendChild( div );}setTimeout( a, 5000 );</script>[/source]

[source lang="cpp"]const char* str = "maybe two source boxes?";[/source]

If nothing happens, then move along; nothing to see here.

<.<
>.>

Trying to reproduce what happened in this thread: http://www.gamedev.net/topic/626861-sdl-collision-issue/

Okay, THIS time, I got it.
zlib: eJzVVLsSAiEQ6/1qCwoK i7PxA/2S2zMOZljYB1TO ZG7OhUtiduH9egZQCJH9 KcJyo4Wq9t0/RXkKmjx+ cgU4FIMWHhKCU+o/Nx2R LEPgQWLtnfcErbiEl0u4 0UrMghhZewgYcptoEF42 YMj+Z1kg+bVvqxhyo17h nUf+h4b2W4bR4XO01TJ7 qFNzA7jjbxyL71Avh6Tv odnFk4hnxxAf4w6496Kd OgH7/RxC

#2   Members   

Posted 23 June 2012 - 01:17 PM

I'm not sure what's supposed to happen... nothing happens (at least no confirm boxes appear) for me on OS X with Chrome or Safari. If you're talking about the contents of the source tags appearing at the top with junk, I reported the same thing awhile ago for the mobile version... let me check if it's fixed for mobile.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#3   Members   

Posted 23 June 2012 - 01:21 PM

Ok, looks like your code messed up the javascript 'case I can't edit that post now. Yeah, that thing I reported still happens for mobile, and I'm assuming it's related to this.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#4   Moderators   

Posted 23 June 2012 - 01:22 PM

Looks like any HTML-like tags are parsed out of the source box...
zlib: eJzVVLsSAiEQ6/1qCwoK i7PxA/2S2zMOZljYB1TO ZG7OhUtiduH9egZQCJH9 KcJyo4Wq9t0/RXkKmjx+ cgU4FIMWHhKCU+o/Nx2R LEPgQWLtnfcErbiEl0u4 0UrMghhZewgYcptoEF42 YMj+Z1kg+bVvqxhyo17h nUf+h4b2W4bR4XO01TJ7 qFNzA7jjbxyL71Avh6Tv odnFk4hnxxAf4w6496Kd OgH7/RxC

#5   Members   

Posted 23 June 2012 - 01:27 PM

Looks like any HTML-like tags are parsed out of the source box...

Yeah, that happened when we were discussing knackered code pastes... I'm not seeing the injection exploit though...
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]




Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.