Your reply fields allow HTML tag posting

Status
Not open for further replies.
Yikes! Sorry all, just wanted to try this. Not only a security concern but users can also hoark up a set of messages by placing "unnecessary" HTML code into their text.
 
It could be a security hole if they embedded SQL calls. Could they not do destructive things to your SQL database? Making alterations to the master db, or other necessary SQL objects.



Just a question..


 
That is really cool!!!! Unfortunately, not something that we can have here, though... Looks like I'll have to check the messages for code. Thank you for bringing this to my attention.
 
This is a ‹STRONG›TEST‹/STRONG›
 
I tried adding it in this time and it didn't work. Have you already patched it? It also said that my handle was Warcorp! Kind of odd....
 
Okay for some reason it has me as Warcorp now as my Handle. I just replied to a message in the thread and now when I submit things I am listed as Warcorp and it shows up on the top as saying Warcorp's Threadminder. I am going to try logging in again to see if this can fix it. (PK)
 
Ok it should have me back as PK again but it was strange that it had switched me to Warcorp. You might want to look into this a little because it could be scary if people could pose as others without any effort.
 
I deleted that section of the page with the extra text box....It was the handle switch as it was tied to Warcorp's handle....
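
As an added illustration (not code from Tek-Tips or from any poster in this thread), this is one way a forum could render replies so that posted tags are displayed as text and the handle shown comes from the login session rather than from anything in the submitted form. The function name, field names and sample submissions are assumptions made for the example.

```python
import html


def render_reply(session_handle: str, form: dict) -> str:
    """Return the HTML fragment for one reply.

    session_handle: handle of the logged-in member, read from the
                    server-side session (assumption: never from the form).
    form:           raw fields submitted by the browser (hypothetical names).
    """
    # Any 'handle' field in the submitted form is ignored on purpose:
    # the author is whoever the session says is logged in.
    author = html.escape(session_handle, quote=True)

    # Escape the message so tags posted by a member are displayed as text
    # instead of being interpreted by other readers' browsers.
    body = html.escape(form.get("body", ""), quote=True)

    # Keep the member's line breaks; this is the only markup added here.
    body = body.replace("\r\n", "\n").replace("\n", "<br>\n")

    return f'<div class="reply"><b>{author}</b><p>{body}</p></div>'


# Constructed sample submissions, not the thread's actual posts.
SAMPLE_BOLD = {"body": "This is a <STRONG>TEST</STRONG>"}
SAMPLE_FORM_FIELD = {
    "handle": "Warcorp",  # client-supplied value, must not be trusted
    "body": 'hello <input type="text" name="handle" value="Warcorp">',
}

if __name__ == "__main__":
    print(render_reply("PK", SAMPLE_BOLD))
    print(render_reply("PK", SAMPLE_FORM_FIELD))
```
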
 