Discuss Scratch

novice27b
Scratcher
1000+ posts

Test Post, plz ignore

Just testing some potential BBCode security issues, hopefully where nobody will see…

Last edited by novice27b (Dec. 9, 2016 22:54:44)


Super Hexagon in Scratch! Desktop specs: 2x Intel Xeon X5450 @ 3.0GHz, 32GB DDR2 ECC RAM, GTX 480, 128GB NVMe SSD, Arch Linux / MacOS / Windows 10
RIP dynamic sigs. Both bugs I found have now been patched
novice27b
Scratcher
1000+ posts

Test Post, plz ignore

More test



Last edited by novice27b (Dec. 9, 2016 22:51:04)


card100
Scratcher
1000+ posts

Test Post, plz ignore

First of all, you're taking advantage of another language. Second of all, the BBcode is VERY sandboxed.

-card100



Search all posts by me by searching on Google:
as;dflasdfpa98qweryhasdfvpiajnsdfvoaphsdnfajo
novice27b
Scratcher
1000+ posts

Test Post, plz ignore

card100 wrote:

First of all, you're taking advantage of another language. Second of all, the BBcode is VERY sandboxed.
It isn't sandboxed, it's a markup language. Its output is supposed to be syntactically valid HTML, although I found an exploitable bug which in this case could enable a 3rd party website to automatically force you to follow another Scratch user.

I'm currently deciding whether to report to ST or DjangoBB first.

Last edited by novice27b (Dec. 17, 2016 17:46:37)



Powered by DjangoBB