I'm banned from the Silentlambs Website

by Trauma_Hound 138 Replies latest watchtower child-abuse

  • Trauma_Hound

    Kismet, obviously you don't have a clue, I hacked nothing. It wasn't a matter of hacking the site, it's called a security flaw, basically the entire section is open to anyone to post HTML code, and I'm not the first, I simply pointed out where the problem was to him in e-mail, a 5 year old that has any basic concept of HTML can do this. So NO I did not hack the site. I pointed out the potential for the problem, instead of having it fixed, I was banned. Had I been malicious about it, I could have the entire site going some place like a porn site, so yes I did him a favor. What do you think the WTBS would do with the knowledge I possess?

    SLOAN - He attacked me first, I'm just a lowly ex-jw, not good enough to admin a website, he better tell eBay that, that just contacted me about a job.

    Edited to add:

    Just called him, he wasn't there when I called, I assumed I talked to his wife, and he's still in town, waiting on a call back from him.

    Edited by - Trauma_Hound on 5 January 2003 16:54:16

  • RevMalk

    I didn't realize we were necessarily blaming Bill for the banning. I seriously doubt that Bill himself could have done it. Not without being taught to do so, and last I knew he wouldn't have a clue as to how to do it. I think Webby would be the only one at this point that could answer the questions at hand.

    But for those who are viewing this as an attack against Bill, give me a break. People are just saying how they feel about things, and what they see, and they're speculating. It happens every day in life, get over it.

    If Bill or Webby or who knows who doesn't want me on their site, then so be it, I'm not going to lose sleep over it.

    For what it's worth, from what Trauma is saying, this was not a hack job. Meaning he did nothing wrong, to cause an info box to appear is no reason to ban someone from the site, no matter who did it. Especially considering all that Trauma has done for silentlambs. I'm not saying who did it, but it's obviously been done, and that's all I was pointing out. I find no harm in that.

  • wednesday
    Had I been malicious about it, I could have the entire site going some place like a porn site, so yes I did him a favor. What do you think the WT. BS would do with the knowledge I possess?

    sounds like a threat.

  • RevMalk
    Had I been malicious about it, I could have the entire site going some place like a porn site, so yes I did him a favor. What do you think the WT. BS would do with the knowledge I possess?

    sounds like a threat.

    haha, I think if someone were to be inclined to do such a thing they'd have sense enough not to announce it first.

    Just my opinion.

  • Trauma_Hound
    sounds like a threat.

    No it's called a comparison, I didn't do that, nor would I, I pointed out the potential for something like that in the e-mail, with someone that would be malicious.

  • Simon

    It sounds like a cross-site scripting vulnerability. If you can add HTML code to run from another site then this can be used to steal cookies etc ... and take advantage of people's trust of that site to do harm.

    I think banning someone who pointed out something like this is a bit short-sighted although I can also see the 'sys admin' side of things if someone has actually done it.

    Let's not fall out over it though cause I think we're all agreed that we don't want the SL website to be vulnerable or the security of people visiting it to be compromised although we may have different ideas as to the best approach.

  • Trauma_Hound

    I dunno, I think the best approach is to fix it, I told him how it could be fixed. It's simple, it's just a server-side script, takes two lines of code.

  • RevMalk

    The problem is, the guestbook accepts HTML, and ALL HTML code. Sort of like this site does. The difference is, Simon's doesn't allow all code, near as I can tell. For instance, I tried placing a quote on here from LambsRoar, using javascript. It wasn't anything malicious of course, but it wouldn't allow me to do so, and that's a good thing really. Otherwise we could have a field day with Simon's site, haha. Anyway, they have no reason to accept HTML at silentlambs, and Trauma pointing that out was to help them, I'm sure. Otherwise he'd have done a lot worse than leaving a message for Bill to contact him.

    Makes sense?

  • Simon

    he he he ... I worked very hard to make sure that most HTML code is allowed (so people can use nice formatting and copy and paste easily) but anything that could be bogus is stripped. All client script, either in script tags or inline attributes, is removed along with object tags, meta tags and a few others (such as redundant style attributes that Word puts in). I can control what is allowed down to specific elements and attributes (and could even allow some but not others etc...).

    Unless HTML is required for formatting (which I doubt for a guestbook) then I think the safest thing would have been just to HTML encode everything.
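
The two server-side approaches described in the post above, shown as an added example that is not part of the original thread and is not either site's code: `encode_all` HTML-encodes a guestbook entry, and `sanitize` re-emits only allowlisted elements and attributes. The allowlist, the URL-scheme check and all names are assumptions made for this sketch.

```python
import html
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes allowed on it.
ALLOWED = {"b": set(), "i": set(), "p": set(), "br": set(), "a": {"href"}}
DROP_CONTENT = {"script", "style", "object"}  # drop the tags and everything inside
SAFE_SCHEMES = ("http://", "https://", "mailto:")

def encode_all(entry: str) -> str:
    """Guestbook option: treat the whole entry as text, never as markup."""
    return html.escape(entry, quote=True)

class AllowlistSanitizer(HTMLParser):
    """Forum option: re-emit only allowlisted tags and attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED:
            return  # unknown tags (meta, iframe, ...) are dropped
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED[tag]:
                continue  # removes onclick=, style=, and similar
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue  # removes javascript: and other schemes
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

def sanitize(entry: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(entry)
    parser.close()
    return "".join(parser.out)
```

Because the sanitizer rebuilds its output from parsed tokens instead of deleting patterns from the input string, anything it does not recognise is left out by default.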

  • teenyuck

    Cassi...I e-mailed you!
