Posted: Tue Apr 18, 2006 10:02 pm
by hawleyjr
method_man wrote: I joined!
Yes, and you have your shirt off
lol, j/k
Posted: Tue Apr 18, 2006 10:07 pm
by method_man
haha, only pic I have on my computer
Posted: Tue Apr 18, 2006 11:08 pm
by neophyte
Neophyte's onboard! Me and mine, that is...
Posted: Wed Apr 19, 2006 4:32 am
by Maugrim_The_Reaper
My first encounter with Frappr is going...suspiciously.
After joining the DevNetwork group, and zooming out the map, clicking on any markers results in two JavaScript message alerts containing one term - "XSS"...
Posted: Wed Apr 19, 2006 7:11 am
by Chris Corbyn
Maugrim_The_Reaper wrote: My first encounter with Frappr is going...suspiciously.
After joining the DevNetwork group, and zooming out the map, clicking on any markers results in two JavaScript message alerts containing one term - "XSS"...
That's timvw, trying to prove that Frappr haven't locked things down. You can insert JavaScript code. Luckily that's just an alert, not a vicious attack. I don't think Frappr seem to care.

Posted: Wed Apr 19, 2006 7:55 am
by malcolmboston
Couldn't they just do htmlentities() to circumvent this? I can see no reason for them not doing so, seems perfectly easy to me.
Posted: Wed Apr 19, 2006 8:06 am
by neophyte
If JS can be inserted, then probably HTML too. I wonder what would happen if someone inserted a table with a width of say 700px.
Posted: Wed Apr 19, 2006 8:32 am
by Maugrim_The_Reaper
Poor form really, all you need is someone to point to one of those evil JS files to start a little cookie stealing...
Anyways, I now exist as the sole member from Ireland... My marker looks lonely all by itself...
Posted: Wed Apr 19, 2006 1:10 pm
by timvw
Well, while I was editing my profile I accidentally pasted some <b>Warning</b> PHP message in there... And I saw that it was not escaped... So I thought, let's try the first string at the XSS Cheat sheet... I've sent them an e-mail last week, got a reply the day before yesterday... But haven't seen any improvements yet...
Posted: Fri Apr 28, 2006 5:00 pm
by timvw
Apparently they have made some changes that make the XSS trick I did impossible (too lazy to try other stuff from the cheat sheet), but they forgot to remove it from existing profiles... (I removed it myself today ;p)
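Added example, not part of the original thread and not Frappr's code: a PHP sketch of why the htmlentities() suggestion above has to run at render time, and why a filter added only on save leaves already-stored profiles live, as the post above observed. The profile rows, `save_profile()`, `render_bio()` and `rows_with_markup()` are constructed for illustration.

```php
<?php
// Constructed sample data (not from the thread): stored profile rows.
$stored = [
    // Saved before the write-time filter was deployed.
    ['name' => 'legacy_user', 'bio' => '<script>alert("XSS")</script>'],
];

// Hypothetical write-time filter, added later; it never touches old rows.
function save_profile(array &$store, string $name, string $bio): void
{
    $store[] = ['name' => $name, 'bio' => strip_tags($bio)];
}

// Render-time encoding for HTML text and quoted-attribute contexts.
// It is not sufficient inside <script> blocks or unquoted attributes.
function render_bio(string $bio): string
{
    return htmlentities($bio, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Flag rows that still hold markup so they can be reviewed or cleaned.
function rows_with_markup(array $store): array
{
    return array_values(array_filter($store, function (array $row): bool {
        return preg_match('/<\s*[a-z!\/]/i', $row['bio']) === 1;
    }));
}

// A new submission passes through the filter; the legacy row is unchanged.
save_profile($stored, 'new_user', '<script>alert("XSS")</script>hello');

// Encoding on output neutralizes every row, whenever it was stored.
foreach ($stored as $row) {
    echo $row['name'], ': <div class="bio">', render_bio($row['bio']), "</div>\n";
}

// Only the legacy row is reported as still containing markup.
foreach (rows_with_markup($stored) as $row) {
    echo 'needs cleanup: ', $row['name'], "\n";
}
```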
Posted: Mon Jul 17, 2006 6:12 pm
by hawleyjr
Alright we're up to 49 users!
Who wants to be Devnet Frapper user #50???
Posted: Mon Jul 17, 2006 8:35 pm
by Burrito
I used to be on there...so technically we've already had 50.
Posted: Mon Jul 17, 2006 9:03 pm
by Luke
I'm on there... and I'm sexy.
Posted: Tue Jul 18, 2006 12:26 am
by RobertGonzalez
Yeah, but I have the cutest picture...
Posted: Tue Jul 18, 2006 12:27 am
by Luke
I... can't compete with that.
