I found following problem in the WebBoard: The Board has a paging function. User A can send a message to user B. User B gets a javascript popup (produced with alert()) with the message from user A. The problem is that user A can close the alert() function and so he can execute his javascript code on user B's machine. Example of a message wich executes my code: \');for(i=0;i<100000;i++) alert("not nice"); // There is a function that escapes the ' but if i escape it it will be escaped a second time ... the effect is that then the \ will escaped and the alert is closed. so after that i can put my code! // (comment) this comment is needed becaus there is still a '); from the alert, with the help of the commen this will not produce an error. greets helli
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 09:08:45 PDT