Quote:
Anyone with half a brain and even a halfway decent
understanding of html can think about it for about 10 seconds
and understand what it could do..
|
Not when you describe it as being something totally different to
what it actually is. It makes you look like you don't understand
the code your posting when you call it HTML and say it can do
anything on any server.
What you are talking about is a very particular combination of
techniques. Once you know the combination it does indeed
appear easy and many of us have seen these techniques used
before in different situations. However without investigation of
the steps needed someone can't just spend 10 seconds looking
at the code to figure out exact what the fuck it is you are talking
about.
I'm guessing english isn't your first language.... no offence but
when you use all the wrong words and describe things totally
backwards it does kinda make it hard for anyone to agree with
you.
Quote:
If i was an asshole i would just use the flaw for profit instead of
letting gfy know about it.
|
If you weren't an asshole you'd actually say what you mean
rather than talking all this crap about server hacking and sending
emails.
Lens.... He is right... It is exploitable.
You need to block a few event handlers such as onstart, onclick, etc.
-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.
<- I in no way endorse whatever just got stuck on the left of my post.