Formerly A Cross-Topic Reply XSS topic<script src='/raw/8058/22'></script>
-
-
Proof of concept. All your likes are belong to me. And aliceif. I'll be amused if someone followed the instructions and cross-topic replied to allow this code to run. I have posted this courtesy of darkmatter.<a0.3289833359885961
-
Well, it's not like it's fixed yet or anything.
Seems like old news now though. I always miss these when they're new :(
-
Proof of concept. All your likes are belong to me. And aliceif. I'll be amused if someone followed the instructions and cross-topic replied to allow this code to run. I have posted this courtesy of darkmatter.
A like would not be enough, even if I could like it.
-
Seems like old news now though.
it's only "old" news because the dicsodevs deemed it a minor XSS since it takes such a convoluted string of events to trigger.
Even though, you know, someone could destroy your entire forum if they managed to trick a mod into doing it.
-
They're not that convoluted.
I think the real reason is that as it presumably wasn't a topic on meta.d then people couldn't like it so it couldn't be proritised correctly.
-
Even though, you know, someone could destroy your entire forum if they managed to trick a mod into doing it.
https://www.youtube.com/watch?v=RcL6DwSufMI
-
I think the real reason is that as it presumably wasn't a topic on meta.d then people couldn't like it so it couldn't be proritised correctly.
afaik, no one has tried making a real topic of it yet, only PMs maybe
-
oops wrong conversation!
-
Is it fixed now? - Seems like it, now that I've tried it.
-
Is it fixed now? - Seems like it, now that I've tried it.
http://what.thedailywtf.com/t/docker-upgrades/1929/129?u=pjh
New bugs to play with!
-
Fixed.