2005-12-31, 08:18 AM
Hello
when a post goes for showing a function applies on it that change some texts on it
this function is fixjavascripts in function_post script (if i remember well)
as source word, duty of this function is against XSS crossite scripting hacinks. but changing alert function is not a good idea.
secod change of this function is changing alert to ord(a) lert
but good for say is that alert function is used for whitehatly showing and demostrating ability of xss hacking and itself can not be dangerus also this line can not preventing really hacking attacks.
in otherhand evasioning of this preventing is easy.
two of admins that recive my security bug report can verify my evasion trick.
isuggest removing this line. this way showing xss hacking is easier and program can be safer.
regards
when a post goes for showing a function applies on it that change some texts on it
this function is fixjavascripts in function_post script (if i remember well)
as source word, duty of this function is against XSS crossite scripting hacinks. but changing alert function is not a good idea.
secod change of this function is changing alert to ord(a) lert
but good for say is that alert function is used for whitehatly showing and demostrating ability of xss hacking and itself can not be dangerus also this line can not preventing really hacking attacks.
in otherhand evasioning of this preventing is easy.
two of admins that recive my security bug report can verify my evasion trick.
isuggest removing this line. this way showing xss hacking is easier and program can be safer.
regards