Ramiel
Vicious like a ferret
Posts: 484
Registered: 19-8-2002
Location: Room at the Back, Australia
Member Is Offline
Mood: Semi-demented
|
|
Problem: posting 'outside' the box
Erm, Just testing if a little hypothesys is true;
<html><td><font face="Times New Roman" Size="+1">Here is a LITTLE text written in
HTML.</font></td></html>
(written postscript)
And now, i try to type something after the /html tag, and it appears to me to be outside the conclusion of my posting window, as it were. Perhaps a
little problem with the board code?
Another thing - when typing between the html and /html tags, normal keyboard returns are treated as 'br' tags.
[Edited on 4-1-2004 by Ramiel]
Caveat Orator
|
|
|
Ramiel
Vicious like a ferret
Posts: 484
Registered: 19-8-2002
Location: Room at the Back, Australia
Member Is Offline
Mood: Semi-demented
|
|
ah, what you see there is the aftermath of a 'td' tag.
the other 'table' tag does something similar.
hehe, oops.
[edit]
ps. another discovery - even after the '/html' tag, html code is still interpreted and "marked up"
[Edited on 4-1-2004 by Ramiel]
Caveat Orator
|
|
|
I am a fish
undersea enforcer
Posts: 600
Registered: 16-1-2003
Location: Bath, United Kingdom
Member Is Offline
Mood: Ichthyoidal
|
|
<html><td bgcolor="#FF00FF">That's pretty cool</td><td bgcolor="#FFFF00">I would have thought that
non text related HTML would be parsed out.</td><td bgcolor="#00FF00">I wonder if they'll fix it.</td></html>
1f `/0u (4|\\| |234d 7|-|15, `/0u |234||`/ |\\|33d 70 937 0u7 /\\/\\0|23.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Probably not. The XMB team has been extremely slow in fixing security holes; exploits that just allow the appearance of pages to be altered are surely
of even lower priority.
|
|
|
Blind Angel
National Hazard
Posts: 845
Registered: 24-11-2002
Location: Québec
Member Is Offline
Mood: Meh!
|
|
well, i you can post outside like this i dont know if you could use this exploit to add a PHP tag
[Edited on 4-1-2004 by Blind Angel]
/}/_//|//) /-\\/|//¬/=/_
My PGP Key Fingerprint: D4EA A609 55E4 7ADD 8529 359D D6E2 33F6 4C76 78ED |
|
|
Ramiel
Vicious like a ferret
Posts: 484
Registered: 19-8-2002
Location: Room at the Back, Australia
Member Is Offline
Mood: Semi-demented
|
|
ah well, it opens up a whole new level of style for posts... if you know html.
btw, Does this stink of a <html><a href="http://www.sciencemadness.org/talk/viewthread.php?tid=1">coverup</a></html>
to you?
Very suspicious to me
Caveat Orator
|
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
Thats weird, I thought members had access to everything....
edit: works with 111 , 765, 756, 7865, 6747, and all really large numbers also,
I think that those thread numbers simply havent been created yet, but that doesent explain why 1 and other numbers in the middle doesent exist.
[Edited on 5-1-2004 by rogue chemist]
|
|
|
Mumbles
Hazard to Others
Posts: 436
Registered: 12-3-2003
Location: US
Member Is Offline
Mood: Procrastinating
|
|
Are the threads that don't show up maybe ones that have been deleted? Either by moderation because of stupidity or by person because of
accidentally starting a new topic. I've done that a few times, but I don't know the post numbers to test it out.
|
|
|
Hermes_Trismegistus
National Hazard
Posts: 602
Registered: 27-11-2003
Location: Greece, Ancient
Member Is Offline
Mood: conformation:ga
|
|
Fuckin CyberToolChipHeads@!(*&
(old man voice)
Arguing on the internet is like running in the special olympics; even if you win: you\'re still retarded.
|
|
|
blip
Hazard to Others
Posts: 133
Registered: 16-3-2003
Member Is Offline
Mood: absorbed
|
|
I once caught a VBScript virus and captured it; it would be very easy to post it in guestbooks, posts, etc.  I truly hope no one abuses this great formatting tool or it will have to be disabled like at totse and PH. All
knowledge can be used to destructive ends, but also to constructive ones as well. I don't think the Bush administration understands that yet...
or will they ever? One of the links in my signature demonstrates how to use HTML for formatting very easily in situations such as this. I suspect
</table> would wreak havoc... let's see:</table>
[Edit: guess not.]
[Edited on 1-5-2004 by blip]
|
|
|
I am a fish
undersea enforcer
Posts: 600
Registered: 16-1-2003
Location: Bath, United Kingdom
Member Is Offline
Mood: Ichthyoidal
|
|
<html>
</table></table>
<table bgcolor="#FF00FF" width="3000"><td width="3000" bgcolor="#FF00FF">I've done some more
experimentation. It turns out that javascript is parsed out. However, the iframe sandbox tag still works, and so it is possible to load a frame
containing active content from a remote source.</td>
</table>
[Edited on 6-1-2004 by I am a fish]
1f `/0u (4|\\| |234d 7|-|15, `/0u |234||`/ |\\|33d 70 937 0u7 /\\/\\0|23.
|
|
|
KABOOOM(pyrojustforfun)
Hazard to Others
Posts: 254
Registered: 12-10-2002
Location: Iran (pseudoislamic dictatorship of)
Member Is Offline
Mood: exuviating!
|
|
marquee tag !
<marquee height="50" width="500" direction="up"><img
src="http://www.sciencemadness.org/talk/images/smilies/biggrin.gif"><marquee><img
src="http://www.sciencemadness.org/talk/images/smilies/tongue.gif"></marquee><marquee direction="up"><img
src="http://www.sciencemadness.org/talk/images/smilies/wink.gif"></marquee><marquee direction="right"><img
src="http://www.sciencemadness.org/talk/images/smilies/thumbup.gif"></marquee><marquee direction="right"
speed="1000">!!!!</marquee></marquee><marquee width=500 height=50 direction="down"><img
src="http://www.sciencemadness.org/talk/images/smilies/cool.gif"><marquee align="center"><img
src="http://www.sciencemadness.org/talk/images/smilies/mad.gif"></marquee></marquee><marquee
rate="10000">WOOOOOOOOOW!<marquee direction="right"><marquee
direction="right">PJFF</marquee></marquee></marquee>
|
|
|
blip
Hazard to Others
Posts: 133
Registered: 16-3-2003
Member Is Offline
Mood: absorbed
|
|
<meta http-equiv="Page-Enter" content="revealTrans(Transition=23,Duration=1.000)">Javascript isn't parsed out, click
the thingy and look at the window status (bottom left in IE):
<head><script language=javascript>function b(){window.status="Ahh! The taelons are
coming!";}</script></head><table bgcolor=FFFF00 cellpadding=3 cellspacing=15 onclick="b()"><tr><td> </td></tr></table>
It seems that all your script code must be in one line, though, or else the <br /> tag is added after each line break. Also, I had to put
window.status stuff in a function first because the editor also took single quotes and converted them to some &###; when I used it directly in the
onclick event.
I rediscovered that the post editor doesn't seem to like backslashes at all! If there was a way to execute COMMAND.COM followed by DEBUG.EXE
(both with cmdline params I don't know how to pass thru a browser  ) on the
local computer, some major havoc could be wreaked! Scary stuff.
Edit: I found how to pass parameters to programs in a certain directory on the user's drive, but luckily it's incompatible with the way
COMMAND.COM takes it parameters and it's a bug that should be fixed soon... hopefully. If only one <b><i>TINY</i></b>
(uhh, like a byte!) change was made to COMMAND.COM, it would make your system extremely vulnerable to external code that anyone would want to execute
on your machine!! I think this is one case where it's good that most people don't know x86 assembly.
[Edited on 1-9-2004 by blip]
|
|
|
Quantum
Hazard to Others
Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline
Mood: Interested
|
|
<PHP PHP seems to work!!! ?>
What if, what is isn\'t true?
|
|
|
Organikum
resurrected
Posts: 2337
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: frustrated
|
|
Thats why
I am using OPERA and I am rather sure nothing of this will go through onto my machine.
It will not even pass the PROXOMITRON and the JS and the HTML filters there...
no no
its easy to stay secured...
|
|
|
![[*]](images/xpblue/default_icon.gif){kind=icon}
