Xss

Results 1 to 7 of 7
  1. #1
    Evil Scottish Overlord Joopie is online now
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,757Posts

    Xss

    The following thread almost looks like XSS. http://forum.ragezone.com/f353/fonts...fonts-1194592/




    Send me a PM | send me a mail

    Still waiting for XenForo to hit RaGEZONE.

    Gonna start a test conversion again soon


    SOON TM


  2. #2
    Super Moderator Biesmen is offline
    Super ModRank
    Apr 2007 Join Date
    2,480Posts

    Re: Xss

    I cannot reproduce the error. Are you sure it isn't some browser cache issue?
    Forum Rules | Account Support | Subscribe
    RaGEZONE Facebook

    "The reason why people give up so fast is because they tend to look at how far they still have to go, instead of how far they have gotten."

  3. #3
    Evil Scottish Overlord Joopie is online now
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,757Posts

    Re: Xss

    Quote Originally Posted by Biesmen View Post
    I cannot reproduce the error. Are you sure it isn't some browser cache issue?
    It seems like Ketchup fixed the issue. Non the less it was possible to inject html and stuff because it fucked up the entire html. It was not cache related, nor browser. I tested it on multiple browsers and machines.



    Send me a PM | send me a mail

    Still waiting for XenForo to hit RaGEZONE.

    Gonna start a test conversion again soon


    SOON TM

  4. #4
    Super Moderator Biesmen is offline
    Super ModRank
    Apr 2007 Join Date
    2,480Posts

    Re: Xss

    I checked the history. The BB code tags ruined the styling, no HTML or JS code was injected in the thread. It looks like the HTML tags were not closed properly by vBulletin while using nested BB code tags.
    Forum Rules | Account Support | Subscribe
    RaGEZONE Facebook

    "The reason why people give up so fast is because they tend to look at how far they still have to go, instead of how far they have gotten."

  5. #5
    Evil Scottish Overlord Joopie is online now
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,757Posts

    Re: Xss

    Quote Originally Posted by Biesmen View Post
    I checked the history. The BB code tags ruined the styling, no HTML or JS code was injected in the thread. It looks like the HTML tags were not closed properly by vBulletin while using nested BB code tags.
    Check. So not really XSS but it's still a way to ruin the styling etc.



    Send me a PM | send me a mail

    Still waiting for XenForo to hit RaGEZONE.

    Gonna start a test conversion again soon


    SOON TM

  6. #6
    Super Moderator Biesmen is offline
    Super ModRank
    Apr 2007 Join Date
    2,480Posts

    Re: Xss

    Yep, @MentaL would have to take a look at it.
    Forum Rules | Account Support | Subscribe
    RaGEZONE Facebook

    "The reason why people give up so fast is because they tend to look at how far they still have to go, instead of how far they have gotten."

  7. #7
    Administrator MentaL is offline
      Administrator  Rank
    Dec 2000 Join Date
    31,511Posts

    Re: Xss

    Interesting bug, for sure. Not sure what tag was used.
    Server Files: https://ragezone.com/server-files/

    feel free to send me a better list with updated info :)



Advertisement