theguy0000 Posted May 8, 2007 Posted May 8, 2007 Okay, no problem.. but don't be surprised if I want to fiddle with it a bit when I have nothing else to script.. thanks, and no problem feel free to contribute anytime... The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 9, 2007 Posted May 9, 2007 Now allows custom post title in the demo, but I'm not releasing another version until I have more features... The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 9, 2007 Posted May 9, 2007 Post title limited to 60 characters. Thanks whoever that was! The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
sandman Posted May 9, 2007 Author Posted May 9, 2007 Post title limited to 60 characters. Thanks whoever that was! [center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]
Dhilip89 Posted May 9, 2007 Posted May 9, 2007 The demo link really cool. [u]My Projects[/u]:General:WinShell (Version 1.6)YouTube Video Downloader Core (Version 2.0)Periodic Table Of Chemical Elements (Version 1.0)Web-Based:Directory Listing Script Written In AutoIt3 (Version 1.9 RC1)UDFs:UnicodeURL UDFHTML Entity UDF[u]My Website:[/u]http://dhilip89.hopto.org/[u]Closed Sources:[/u]YouTube Video Downloader (Version 1.3)[quote]If 1 + 1 = 10, then 1 + 1 ≠2[/quote]
jvanegmond Posted May 9, 2007 Posted May 9, 2007 (edited) You were redirected again...Edit: I'll make this more secure if you like to... Edited May 9, 2007 by Manadar github.com/jvanegmond
sandman Posted May 9, 2007 Author Posted May 9, 2007 You were redirected again...Edit: I'll make this more secure if you like to... What's 'unauthorized'? [center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]
jvanegmond Posted May 9, 2007 Posted May 9, 2007 What's 'unauthorized'? Just an idea we were playing around with.. github.com/jvanegmond
McGod Posted May 9, 2007 Posted May 9, 2007 Ok all Javascript, HTML anything with tags is nulled. $entry = StringReplace($newentry, "<", "<") $entry = StringReplace($entry, ">", ">") Took a note from IPB. You can type <script> </script> and it will look exactly like that, because Instead of < in the source it's < which generates < [indent][center][u]Formerly Chip[/u][/center]~UDFs~[/indent][u]IRC.au3 - Allows you to connect to IRC ServersINetCon.au3 - Connects/Disconnects/Check Status of InternetHardware Key - Creates a unique hardware hashScriptComm - Allows you to communicate between scripts using WM_COPYDATA[/u][indent]~Programs~[/indent][indent]SimonAu3ForumsIRC Bot~Web Site~Web Autoit Example[/indent][indent][b][/b][/indent][u][/u]
McGod Posted May 9, 2007 Posted May 9, 2007 Ok, I placed <script LANGUAGE="Javascript">alert("Hey");</SCRIPT>java script:alert("Hey");<script type="text/javascript">alert("Hey");</script><body onload="java script:alert("Hey");">Hey</body><a href="java script:alert("Hey");">Hey</a><div align="right">Hey</div><table><td><tr>Hey</tr></td></table><LINK REL=StyleSheet HREF="stylesheet.css" TITLE="Main"><iframe src ="/default.asp"width="100%"></iframe><title>Hey</title>In a blog and nothing worked [indent][center][u]Formerly Chip[/u][/center]~UDFs~[/indent][u]IRC.au3 - Allows you to connect to IRC ServersINetCon.au3 - Connects/Disconnects/Check Status of InternetHardware Key - Creates a unique hardware hashScriptComm - Allows you to communicate between scripts using WM_COPYDATA[/u][indent]~Programs~[/indent][indent]SimonAu3ForumsIRC Bot~Web Site~Web Autoit Example[/indent][indent][b][/b][/indent][u][/u]
jvanegmond Posted May 9, 2007 Posted May 9, 2007 Ok, I placed In a blog and nothing worked You have to be smarter then that to execute some code on the blog.. github.com/jvanegmond
theguy0000 Posted May 9, 2007 Posted May 9, 2007 Ok all Javascript, HTML anything with tags is nulled. $entry = StringReplace($newentry, "<", "<") $entry = StringReplace($entry, ">", ">") Took a note from IPB. You can type <script> </script> and it will look exactly like that, because Instead of < in the source it's < which generates <........... but then it doesn't allow the tags I want, like I have it programmed now... The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 9, 2007 Posted May 9, 2007 hey Manadar, how did you get the script tags in there...its supposed to strip those out. The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 9, 2007 Posted May 9, 2007 I just tested it, I can confirm that it strips <script> tags...how did you get around it? The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 9, 2007 Posted May 9, 2007 oh :"> I see The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 9, 2007 Posted May 9, 2007 now strips tags from the title, too. All tags. None are allowed in the title. The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
jvanegmond Posted May 9, 2007 Posted May 9, 2007 You should have known better then that. Currently, I'm totally out of ideas on how to redirect you now.. github.com/jvanegmond
theguy0000 Posted May 9, 2007 Posted May 9, 2007 You should have known better then that. Currently, I'm totally out of ideas on how to redirect you now..i know lolok, thats good why do you keep posting useless stuff? (ANC and ABC?) The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
theguy0000 Posted May 10, 2007 Posted May 10, 2007 no longer allows posts with less than 3 characters, not including whitespace The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN
spyrorocks Posted December 20, 2007 Posted December 20, 2007 I have been away from the forums here for a while, so I never got a chance to exploit-test this... I left a little message on the blog itself (http://blog.theguy0000.com/). Sorry for bringing up old threads, but it does still contain security issues. [center] My Projects: Online AutoIt Compiler - AutoForum - AutoGuestbook - AutoIt Web-based Auto Installer - Pure AutoIt Zipping Functions - ConfuseGen - MindReader - P2PChat[/center]
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now