Shoutbox

quote:

---

Originally posted by blade
<blacklist>

---

do you have any idea about how big the internet really is? ¬¬

edit:

quote:

---

Originally posted by blade
Well some newbies could click "ok" and be redirected to the site's homepage or something. It's a very up-front way of someone advertising.


And it could be fixed by limiting the use of image tags to "gif" "jpeg" "jpg" "bmp" "png" or something like that (though that would mess with the random image scripts ).

---

A very simple http-policy could redirect that internally (no aparent url change) to a script that could easily read everyithing you put into the fields.

Care to say any try of tricking people into this should be considered as a try to hack the board and a permanent ban should be reasonable

quote:

---

Originally posted by KeyStorm
Care to say any try of tricking people into this should be considered as a try to hack the board and a permanent ban should be reasonable

---

Hahaha - good call.

i guess it could be used in a very dodgy way, by making people think that they need to enter their username and password again.

quote:

---

Originally posted by saralk
i guess it could be used in a very dodgy way, by making people think that they need to enter their username and password again.

---

Yeah, but at least the prompt tells you what server you'd be sending the data to. Of course, some people without much web knowledge/experience could be fooled.

We'll simply remove any image that requires a login, as there is no way to stop them from being used in the [img] tags.

quote:

---

Originally posted by WDZ
Click: http://shoutbox.menthix.net/images/auth.jpg

---

I have that exact same script .... well thats what i use to protect my private pic gallery
Whats a username and password that will actually work there dz ?

quote:

---

Originally posted by WDZ

quote:

---

Originally posted by saralk
i guess it could be used in a very dodgy way, by making people think that they need to enter their username and password again.

---

Yeah, but at least the prompt tells you what server you'd be sending the data to. Of course, some people without much web knowledge/experience could be fooled.

We'll simply remove any image that requires a login, as there is no way to stop them from being used in the [img] tags.

---

Oh, noes, DZ, the Auth Realm can be freely set to anything you want. So there's no way to know where it comes from. Actually, you can't tell what image caused it, unless you try them separately.

quote:

---

Originally posted by John Anderton
I have that exact same script

---

No you don't... it's just a standard HTTP login prompt.

quote:

---

Whats a username and password that will actually work there dz ?

---

There isn't one... it's only an example.

quote:

---

Originally posted by KeyStorm
Oh, noes, DZ, the Auth Realm can be freely set to anything you want.

---

Well, Opera shows me the server name (msghelp.net) in addition to the realm. Other browsers don't?

quote:

---

Originally posted by WDZ
No you don't... it's just a standard HTTP login prompt.

---

I tht it was an acutal script I was too lazy to read the whole thread
I was refering to a php script that asks u a name and pw and only access to a file in which it was included when both are correct.

quote:

---

Originally posted by WDZ
There isn't one... it's only an example.

---

Same answer as above ..... ur dodgy

quote:

---

Originally posted by WDZ
Well, Opera shows me the server name (msghelp.net) in addition to the realm. Other browsers don't?

---

Firefox does It says

quote:

---

Originally posted by Dz's dodgy script (http login prompt)
Enter username and password for "Oh noes!!!" at http://shoutbox.menthix.net

---

And behind the page says :refuck:
U could have atleast taken the liberty of putting the actual image there
<img src="http://shoutbox.menthix.net/images/smilies/refuck.gif" alt="Refuck Emote"></img>

* John Anderton is sleepy and just hopes there arent any typo's there ....
if there are correct em ur self ...

Ok, instead of "Oh noes!!" put

code:

---

"Oh noes!!

"

---

or

code:

---

"Oh noes!!!                                "

---