generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Club Houses » ROBLOX Talk
Home Search
 

Re: So if

Previous Thread :: Next Thread 
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 03:46 PM
If I say Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

It gets deleted?
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 03:47 PM
k no? or they slow if I say roblox has 44 hack prime areas which is true?
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 03:49 PM
So if I were to say these 44 issues were in the Cross Site Scripting (Which they are) I don't understand why you deleted my other thread,
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:02 PM
You cannot inject ANY of those script languages into roblox
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:02 PM
Lol java can be inserted into fairly everything this site has java scripts in it.
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:07 PM
You make me LOL too hard.

Alright so first of all roblox doesn't use java... at all. If you were referring to javaSCRIPT, then you are also wrong. This is due to the fact that javascript cannot be injected into the server. You can mess up your client, but believe me, that will not get you ANYTHING.
Report Abuse
IFantastyScripter1 is not online. IFantastyScripter1
Joined: 25 Aug 2011
Total Posts: 25769
21 Nov 2012 04:07 PM
h4x langauge?
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:08 PM
lolk mainly the page can be vulnerable to XSS.
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:09 PM
"It is also possible to modify the content of the page presented to the user. "

EVERYONE knows this is possible, well anyone who has ever learned the basics of browsers. The reason most web developers and ROBLOX does not care about this is that it cannot be fixed, and w3 hasn't done anything about patching it because it is useful to web developers, and cannot harm the website itself AT ALL.
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:11 PM
Well most pages on this site aren't in danger of XSS but this special one is.
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:12 PM
Watch out guys the mods fingers are itching of the delete post and lock post buttons careful!
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:12 PM
Yes, the page could be vulnerable to XSS (which you did not state in your original post). Anyways, there is pretty much no way use XSS on roblox, due to the fact that there is no way to initiate the script on everyone's page. Also, you cannot steal another user's cookie unless they manually download a third party program and change the HTTPonly settings.
Report Abuse
dudestar747 is not online. dudestar747
Joined: 16 Feb 2010
Total Posts: 13865
21 Nov 2012 04:13 PM
Confused
Report Abuse
SoEpic1337 is not online. SoEpic1337
Joined: 22 Oct 2011
Total Posts: 28506
21 Nov 2012 04:13 PM
ROBLOX did not use any builder for games.

Every game built from a builder runs Java(Script).

Every other game has an more better running script software.
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:14 PM
By not fixing an XSS hole this could allow possible user account compromise in portions of your site as they get added or updated.
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:15 PM
If you were to find a page vulnerable to injection, then PM me for some real exploiting. In the most common scenario, you are simply lying to mask the fact that your argument is invalid.
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:16 PM
XSS holes can allow Javascript insertion, which may allow for limited execution. If an attacker were to exploit a browser flaw (browser hole) it could then be possible to execute commands on the client's side.

End Of.
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:18 PM
The javascript used in "games" is just to launch them. Here is when a "hack" is used to securely launch the game. After that, no javascript scripts are running.
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:20 PM
On this very page there is a running java script


I cant paste it but there is at least one on the page source don't even have to scroll down.
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:21 PM
Wrong. Thanks to w3, you are not able to "send malicious files" to anyone you would like without their knowing.
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:22 PM
Well my scan of this site shows 44 XSS holes in a linked page.
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:22 PM
How does a javascript extension or javascript to keep this page dynamic have anything to do with the game?
Report Abuse
Flatflow is not online. Flatflow
Joined: 09 Oct 2010
Total Posts: 11264
21 Nov 2012 04:25 PM
I didn't say in game I said on the website people can use XSS holes to "Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user."
Report Abuse
iethalz is not online. iethalz
Joined: 29 Jun 2012
Total Posts: 98
21 Nov 2012 04:25 PM
Let me guess, your "knowledge" is coming from free software you found from googling "omgz lemme pretend 2 b pro haxxor plzzz"?

Well here is a fact. Your software doesn't tell you that amazon doesn't allow try-hards to edit files they host.
Report Abuse
Dulexo is not online. Dulexo
Joined: 07 Mar 2015
Total Posts: 32755
21 Nov 2012 04:25 PM
ROBLOX Runs on Java, not Javascript.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Club Houses » ROBLOX Talk
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image