Sciencemadness Discussion Board

Problem: posting 'outside' the box

Ramiel - 4-1-2004 at 00:16

Erm, Just testing if a little hypothesys is true;

<html><td><font face="Times New Roman" Size="+1">Here is a LITTLE text written in HTML.</font></td></html>

(written postscript)
And now, i try to type something after the /html tag, and it appears to me to be outside the conclusion of my posting window, as it were. Perhaps a little problem with the board code?

Another thing - when typing between the html and /html tags, normal keyboard returns are treated as 'br' tags.

[Edited on 4-1-2004 by Ramiel]

Ramiel - 4-1-2004 at 00:20

ah, what you see there is the aftermath of a 'td' tag.
the other 'table' tag does something similar.

hehe, oops.

[edit]
ps. another discovery - even after the '/html' tag, html code is still interpreted and "marked up"

[Edited on 4-1-2004 by Ramiel]

I am a fish - 4-1-2004 at 03:56

<html><td bgcolor="#FF00FF">That's pretty cool</td><td bgcolor="#FFFF00">I would have thought that non text related HTML would be parsed out.</td><td bgcolor="#00FF00">I wonder if they'll fix it.</td></html>

Polverone - 4-1-2004 at 10:08

Probably not. The XMB team has been extremely slow in fixing security holes; exploits that just allow the appearance of pages to be altered are surely of even lower priority.

Blind Angel - 4-1-2004 at 10:58

well, i you can post outside like this i dont know if you could use this exploit to add a PHP tag

[Edited on 4-1-2004 by Blind Angel]

Ramiel - 4-1-2004 at 17:17

ah well, it opens up a whole new level of style for posts... if you know html.

btw, Does this stink of a <html><a href="http://www.sciencemadness.org/talk/viewthread.php?tid=1">coverup</a></html> to you?
Very suspicious to me

The_Davster - 4-1-2004 at 17:42

Thats weird, I thought members had access to everything....

edit: works with 111 , 765, 756, 7865, 6747, and all really large numbers also,
I think that those thread numbers simply havent been created yet, but that doesent explain why 1 and other numbers in the middle doesent exist.



[Edited on 5-1-2004 by rogue chemist]

Mumbles - 4-1-2004 at 20:45

Are the threads that don't show up maybe ones that have been deleted? Either by moderation because of stupidity or by person because of accidentally starting a new topic. I've done that a few times, but I don't know the post numbers to test it out.

Fuckin CyberToolChipHeads@!(*&

Hermes_Trismegistus - 5-1-2004 at 00:05

(old man voice)

blip - 5-1-2004 at 15:42

I once caught a VBScript virus and captured it; it would be very easy to post it in guestbooks, posts, etc. :o I truly hope no one abuses this great formatting tool or it will have to be disabled like at totse and PH. All knowledge can be used to destructive ends, but also to constructive ones as well. I don't think the Bush administration understands that yet... or will they ever? One of the links in my signature demonstrates how to use HTML for formatting very easily in situations such as this. I suspect </table> would wreak havoc... let's see:</table>

[Edit: guess not.]

[Edited on 1-5-2004 by blip]

I am a fish - 6-1-2004 at 03:02

<html>
</table></table>
<table bgcolor="#FF00FF" width="3000"><td width="3000" bgcolor="#FF00FF">I've done some more experimentation. It turns out that javascript is parsed out. However, the iframe sandbox tag still works, and so it is possible to load a frame containing active content from a remote source.</td>
</table>

[Edited on 6-1-2004 by I am a fish]

marquee tag !

KABOOOM(pyrojustforfun) - 7-1-2004 at 20:53

<marquee height="50" width="500" direction="up"><img src="http://www.sciencemadness.org/talk/images/smilies/biggrin.gif"><marquee><img src="http://www.sciencemadness.org/talk/images/smilies/tongue.gif"></marquee><marquee direction="up"><img src="http://www.sciencemadness.org/talk/images/smilies/wink.gif"></marquee><marquee direction="right"><img src="http://www.sciencemadness.org/talk/images/smilies/thumbup.gif"></marquee><marquee direction="right" speed="1000">!!!!</marquee></marquee><marquee width=500 height=50 direction="down"><img src="http://www.sciencemadness.org/talk/images/smilies/cool.gif"><marquee align="center"><img src="http://www.sciencemadness.org/talk/images/smilies/mad.gif"></marquee></marquee><marquee rate="10000">WOOOOOOOOOW!<marquee direction="right"><marquee direction="right">PJFF</marquee></marquee></marquee>

blip - 8-1-2004 at 17:37

<meta http-equiv="Page-Enter" content="revealTrans(Transition=23,Duration=1.000)">Javascript isn't parsed out, click the thingy and look at the window status (bottom left in IE):
<head><script language=javascript>function b(){window.status="Ahh! The taelons are coming!";}</script></head><table bgcolor=FFFF00 cellpadding=3 cellspacing=15 onclick="b()"><tr><td>:D</td></tr></table>
It seems that all your script code must be in one line, though, or else the <br /> tag is added after each line break. Also, I had to put window.status stuff in a function first because the editor also took single quotes and converted them to some &###; when I used it directly in the onclick event.

I rediscovered that the post editor doesn't seem to like backslashes at all! If there was a way to execute COMMAND.COM followed by DEBUG.EXE (both with cmdline params I don't know how to pass thru a browser :() on the local computer, some major havoc could be wreaked! Scary stuff.

Edit: I found how to pass parameters to programs in a certain directory on the user's drive, but luckily it's incompatible with the way COMMAND.COM takes it parameters and it's a bug that should be fixed soon... hopefully. If only one <b><i>TINY</i></b> (uhh, like a byte!) change was made to COMMAND.COM, it would make your system extremely vulnerable to external code that anyone would want to execute on your machine!! I think this is one case where it's good that most people don't know x86 assembly.

[Edited on 1-9-2004 by blip]

Quantum - 11-2-2004 at 15:52

<PHP PHP seems to work!!! ?>

Thats why

Organikum - 11-2-2004 at 16:41

I am using OPERA and I am rather sure nothing of this will go through onto my machine.
It will not even pass the PROXOMITRON and the JS and the HTML filters there...

no no

its easy to stay secured...