Kupika Vulns 2 Login to Kupika  or  Create a new account 

This diary entry is written by neoeno. ( View all entries )
Previous entry: Kupika Vulns in category (general)

Kupika Vulns 2Category: (general)
Monday, 19 March 2007
06:44:49 PM (GMT)
Javascript can still be executed :P Both in links (less optimal, but cross-browser),
and images (works in IE 6). Trust me on this Hina, blacklisting is _not_ the way to
go :P

Okay, as for the other vulns. To get someone off the fleeting thoughts. I noticed
that when someone has questions, the box does not come up. What possible things could
I do to make sure they cannot answer the questions? Also, as for the front-page
thing, that uses the same method as before. What I am about to do may shed some light
on the matter.


Okay, so I showed off a bit there. It probably wont show up properly in your
browser/resolution combo, but hopefully you'll see what I mean. If it's worked
correctly, you probably wont notice a thing different. Click on the 'home' link, and
it'll take you to google. It probably will be out of place though, I'd have to do my
research if I wanted it properly crossbrowser/resolution. I also had to use
javascript to make the link work... without that, I could have just put messages up
there to fool people or whatever. If I want to go completely javascript, I could do
what I did to the 'edit character' box (but only in IE6).

Anyway, back to the other exploits. I figure I'm gonna fully disclose, most people
wont know what I'm going on about anyway. Basically I use CSS to make a 100% width
100% height white backgrounded box, and send that in a comment (to kill the entry and
with it the 'delete comments' button), or a question (they wont be able to answer,
and thus will be banished from the fleeting thoughts), or whatever.

Last edited: 19 March 2007

hina says:   27 March 2007   916132  
thanks for the enlightenment :p
i was not aware of the "&#" trick, now the exploit has been fixed but
i doubt it is 100% safe. so feel free to hack away!

i cannot reproduce the 100% width 100% height CSS hack. it just shows
up as a white box in the comment section, and does not fill the entire

yeah, i agree that blacklisting is not the best solution, but i don't
get what does blacklisting have to do with these vulnerabilities?
hina says:   27 March 2007   621888  
all right, the CSS hack is confirmed.
i will fix this later, now i have to go to work... it's getting late
pyro_the_pirate wonders :   16 April 2007   648245  
makes you wanna think! 


Next entry: Cheating: Sexual and Emotional in category (general)
Related Entries
‹Monkey boy›: Self Poems
Addicted2: Love/ hate.... And the difference is?
slipknotgal2006: New poemmm!
purtink95: BOYS!!!!!!!!!!!
‹~:Mystery.Of.Music:~›: Judged the Wrong Way Moodswings xD

About Kupika    Contact    FAQs    Terms of Service    Privacy Policy    Online Safety
Copyright © 2005-2012