Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 03:46 PM |
If I say Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
It gets deleted?
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 03:47 PM |
k no? or they slow if I say roblox has 44 hack prime areas which is true?
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 03:49 PM |
So if I were to say these 44 issues were in the Cross Site Scripting (Which they are) I don't understand why you deleted my other thread,
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:02 PM |
You cannot inject ANY of those script languages into roblox
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:02 PM |
Lol java can be inserted into fairly everything this site has java scripts in it.
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:07 PM |
You make me LOL too hard.
Alright so first of all roblox doesn't use java... at all. If you were referring to javaSCRIPT, then you are also wrong. This is due to the fact that javascript cannot be injected into the server. You can mess up your client, but believe me, that will not get you ANYTHING.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:08 PM |
lolk mainly the page can be vulnerable to XSS.
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:09 PM |
"It is also possible to modify the content of the page presented to the user."
EVERYONE knows this is possible, well anyone who has ever learned the basics of browsers. The reason most web developers and ROBLOX do not care about this is that it cannot be fixed, and w3 hasn't done anything about patching it because it is useful to web developers, and cannot harm the website itself AT ALL.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:11 PM |
Well most pages on this site aren't in danger of XSS but this special one is.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:12 PM |
Watch out guys the mods' fingers are itching of the delete post and lock post buttons careful!
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:12 PM |
Yes, the page could be vulnerable to XSS (which you did not state in your original post). Anyways, there is pretty much no way to use XSS on roblox, due to the fact that there is no way to initiate the script on everyone's page. Also, you cannot steal another user's cookie unless they manually download a third party program and change the HttpOnly settings.
|
| 21 Nov 2012 04:13 PM |
ROBLOX did not use any builder for games.
Every game built from a builder runs Java(Script).
Every other game has a better running script software.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:14 PM |
By not fixing an XSS hole this could allow possible user account compromise in portions of your site as they get added or updated.
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:15 PM |
If you were to find a page vulnerable to injection, then PM me for some real exploiting. In the most common scenario, you are simply lying to mask the fact that your argument is invalid.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:16 PM |
XSS holes can allow Javascript insertion, which may allow for limited execution. If an attacker were to exploit a browser flaw (browser hole) it could then be possible to execute commands on the client's side.
End Of.
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:18 PM |
The javascript used in "games" is just to launch them. Here is when a "hack" is used to securely launch the game. After that, no javascript scripts are running.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:20 PM |
On this very page there is a running java script.
I can't paste it but there is at least one on the page source don't even have to scroll down.
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:21 PM |
Wrong. Thanks to w3, you are not able to "send malicious files" to anyone you would like without their knowing.
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:22 PM |
Well my scan of this site shows 44 XSS holes in a linked page.
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:22 PM |
How does a javascript extension or javascript to keep this page dynamic have anything to do with the game?
|
Flatflow
| Joined: 09 Oct 2010 | Total Posts: 11264 | 21 Nov 2012 04:25 PM |
I didn't say in game I said on the website people can use XSS holes to "Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user."
|
iethalz
| Joined: 29 Jun 2012 | Total Posts: 98 | 21 Nov 2012 04:25 PM |
Let me guess, your "knowledge" is coming from free software you found from googling "omgz lemme pretend 2 b pro haxxor plzzz"?
Well here is a fact. Your software doesn't tell you that amazon doesn't allow try-hards to edit files they host.
|
Dulexo
| Joined: 07 Mar 2015 | Total Posts: 32755 | 21 Nov 2012 04:25 PM |
ROBLOX Runs on Java, not Javascript.