for copypasta purposes...function show_alert value="Show User" eval("x=10;y=20;document.write(x*y)");Here you go.
I'm getting abnormal reply - is this new?
abnormal reply lolol
You guys are definitely new"eval(" in a comment would ban you
This is php injection. It exploits a lack of securing on m00ts part. Someone could've done a lot more than prove samefag here.
Does that specific trick in the picture work? Does it do anything malicious to the user? I tried it out, but NoScript blocked it on the grounds that it was an Cross Site Scripting attack.
looks like it was patched in recent updates
just tried this, got a one day ban. one whole day of not even getting to look at posts.
Lol. If this were to work, here's what it does:Sets a variable "x" as an integer, with a value of 10Sets a variable "y" as an integer, with a value of 20Opens an alert box (popup window, basically) with the result of x multiplied by y.Oops!
DOES IT WORK
for copypasta purposes...
ReplyDeletefunction show_alert value="Show User" eval("x=10;y=20;document.write(x*y)");
Here you go.
I'm getting abnormal reply - is this new?
ReplyDeleteabnormal reply lolol
ReplyDeleteYou guys are definitely new
ReplyDelete"eval(" in a comment would ban you
This is php injection. It exploits a lack of securing on m00ts part. Someone could've done a lot more than prove samefag here.
ReplyDeleteDoes that specific trick in the picture work? Does it do anything malicious to the user? I tried it out, but NoScript blocked it on the grounds that it was an Cross Site Scripting attack.
ReplyDeletelooks like it was patched in recent updates
ReplyDeletejust tried this, got a one day ban. one whole day of not even getting to look at posts.
ReplyDeleteLol. If this were to work, here's what it does:
ReplyDeleteSets a variable "x" as an integer, with a value of 10
Sets a variable "y" as an integer, with a value of 20
Opens an alert box (popup window, basically) with the result of x multiplied by y.
Oops!
DOES IT WORK
ReplyDelete