mouse over to see the exploit in action, if it doesnt work that means alex fixed it
ok the first is with the color tag, it works cause there arent any quotes around the value u put in when its transfered over to html, so u can add other attributes like onmouseover ect.
okey dokey, next exploit is with the new tip bbcode, lol. i think i was told by someone what it is "unhaxable"? o contrare its the most exploitable, i can add html code(more importatnylt script tags onto the page) by using javascript escape characters in the tag. this can prolly be fixed by rplacing all‘\’ s with a‘\\’ or just deleting them all together. example time:
ok the last exploit is for bypassing the quotes in various tags like link and image. im not really sure of a fix for it, thats y its sooo good , the way it works is that i put an iamge tag wher you would put the website on the link tag, that way the quotes from the link get canceld out by the initial quotes from teh image and i can add an attribute like onload or onmouse over to teh link tag.
This post was edited by movax13hint10h on Sunday, Sep 16, 2007 at 8:39 pm
, the way it works is that i put an iamge tag wher you would put the website on the link tag, that way the quotes from the link get canceld out by the initial quotes from teh image and i can add an attribute like onload or onmouse over to teh link tag.