Debian-script's Shoutbox can have javascript injected

Posted by Patawan 
July 06, 2014 03:10AM
I downloaded the software from here

[piratebox.aod-rpg.de]

And once I got it working I realized that the chatbox isn't escaped and JavaScript can be injected. (<script>alert("lol")</script>) It's just damn annoying!

I don't know how up to date the software is or if the person who wrote it is alive or dead, but he said to write about improvements here.

Also, I'm going on vacation tomorrow so I'll probably not answer to this.

I'm just letting you folks know!
Re: Debian-script's Shoutbox can have javascript injected
July 06, 2014 08:52AM
Thanks for the feedback!
I'm adding it to my issue list for fixing. Because this is Python, which I don't know much about, it may take some time.

Matthias


This is only my signature.
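
The missing output escaping reported in this thread, shown as an added Python example that is not part of the original posts and is not PirateBox's own code. The function names, HTML layout and length limits are assumptions made for illustration.

```python
import html
import re
import time

# Assumed limits, not taken from the PirateBox code.
MAX_NAME = 32
MAX_TEXT = 500
# Control characters (including newlines) are dropped so one post stays one line.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def render_unescaped(name, text):
    """Behaviour reported in the thread: user input lands in the page as markup."""
    return "<div class='message'><b>%s:</b> %s</div>" % (name, text)


def render_escaped(name, text, now=None):
    """Hypothetical fixed renderer: both fields are treated as text, never as HTML."""
    stamp = time.strftime("%H:%M:%S", time.localtime(now))
    # Truncate before escaping so an entity such as &lt; is never cut in half.
    name = _CONTROL.sub("", name)[:MAX_NAME]
    text = _CONTROL.sub("", text)[:MAX_TEXT]
    # quote=True also encodes " and ', which matters if a value is ever
    # written into an HTML attribute instead of element content.
    return "<div class='message'><span>%s</span> <b>%s:</b> %s</div>" % (
        stamp,
        html.escape(name, quote=True),
        html.escape(text, quote=True),
    )


# Constructed sample posts; the first is the string quoted in the report above.
SAMPLE_POSTS = [
    ("Patawan", '<script>alert("lol")</script>'),
    ("guest", "hi & welcome <3"),
]

if __name__ == "__main__":
    for who, msg in SAMPLE_POSTS:
        print("unescaped:", render_unescaped(who, msg))
        print("escaped:  ", render_escaped(who, msg))
```

Messages already stored before such a fix would still be served unescaped, so the existing chat data needs escaping or clearing as well.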