Jump to content

View more

Image of the Day

#ld38 #screenshotsaturday Mimosa Fizz action gif #2 https://t.co/TUzdppvfUL
IOTD | Top Screenshots

The latest, straight to your Inbox.

Subscribe to GameDev.net Direct to receive the latest updates and exclusive content.


Sign up now

Potential HTML/Javascript injection exploit with source tags (3)

4: Adsense

Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.


  • You cannot reply to this topic
4 replies to this topic

#1 fastcall22   Moderators   

Posted 23 June 2012 - 01:02 PM

[source lang="cpp"]"/><style type="text/css">div#trolol { position: absolute; left: 0; top: 0; width: 100%; height: 100%; background-color: rgba(255,128,0,0.5);}</style><script type="text/javascript">function b() { return confirm("You mad, bro?");}function a() { var div = document.createElement("DIV"); div.setAttribute( "id", "trolol" ); div.onclick = b; document.body.appendChild( div );}setTimeout( a, 5000 );</script>[/source]

[source lang="cpp"]const char* str = "maybe two source boxes?";[/source]

If nothing happens, then move along; nothing to see here.

<.<
>.>

Trying to reproduce what happened in this thread: http://www.gamedev.net/topic/626861-sdl-collision-issue/

Okay, THIS time, I got it.
zlib: eJzVVLsSAiEQ6/1qCwoK i7PxA/2S2zMOZljYB1TO ZG7OhUtiduH9egZQCJH9 KcJyo4Wq9t0/RXkKmjx+ cgU4FIMWHhKCU+o/Nx2R LEPgQWLtnfcErbiEl0u4 0UrMghhZewgYcptoEF42 YMj+Z1kg+bVvqxhyo17h nUf+h4b2W4bR4XO01TJ7 qFNzA7jjbxyL71Avh6Tv odnFk4hnxxAf4w6496Kd OgH7/RxC

#2 Cornstalks   Members   

Posted 23 June 2012 - 01:17 PM

I'm not sure what's supposed to happen... nothing happens (at least no confirm boxes appear) for me on OS X with Chrome or Safari. If you're talking about the contents of the source tags appearing at the top with junk, I reported the same thing awhile ago for the mobile version... let me check if it's fixed for mobile.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#3 Cornstalks   Members   

Posted 23 June 2012 - 01:21 PM

Ok, looks like your code messed up the javascript 'case I can't edit that post now. Yeah, that thing I reported still happens for mobile, and I'm assuming it's related to this.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#4 fastcall22   Moderators   

Posted 23 June 2012 - 01:22 PM

Looks like any HTML-like tags are parsed out of the source box...
zlib: eJzVVLsSAiEQ6/1qCwoK i7PxA/2S2zMOZljYB1TO ZG7OhUtiduH9egZQCJH9 KcJyo4Wq9t0/RXkKmjx+ cgU4FIMWHhKCU+o/Nx2R LEPgQWLtnfcErbiEl0u4 0UrMghhZewgYcptoEF42 YMj+Z1kg+bVvqxhyo17h nUf+h4b2W4bR4XO01TJ7 qFNzA7jjbxyL71Avh6Tv odnFk4hnxxAf4w6496Kd OgH7/RxC

#5 Cornstalks   Members   

Posted 23 June 2012 - 01:27 PM

Looks like any HTML-like tags are parsed out of the source box...

Yeah, that happened when we were discussing knackered code pastes... I'm not seeing the injection exploit though...
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]




Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.