32 030626 ... %32 030626 ... s 030626 ... w 030626 ... ls -l 030626 ... 030626 ... x20 030626 ... 030626 ... a 030626 ... 030626 ... f 030626 ... e 030626 ... v 030626 ... \_ 030626 ... \% 030626 ... 030626 ... z 030626 ... () 030626 ... char 030626 ... init(0); ok, mr tester. playing with javascript, css and html is fine, but trying to pull a remote command execution isn't funny. the source code is availiable at http://blather.newdream.net/src/ by all means download and play with on a test server. 030626 ... return(69); i'm not trying to remote execute anything. just trying to figure out how "somebody" bypassed the name/email requirement 030626 ... jane hmm i wonder who you are.. haha 030626 ... minnesota_chris I'm wondering if the cop, or the robber, was user24. Or both?!? wishes he understood programming 030627 ... string see: conspiracy_theory 030627 ... User(24); in this case, I was init(0) if you enter a load of spaces, your name will come out as 'somebody'. if you enter your name as <!-- --> you'll have no name at all. I'm going to be testing @ user24s_test_site3 tonight, so hopefully there'll be some more coolnesses re: funny things you can do with names/emails and if you weren't trying to do a remote command execution, what was 'ls -l' about? 030627 ... somebody so ha! 030627 ... and ha again! 030627 ... jane you can also remove your name by typing 030627 ... jane " " 030627 ... j damn it it just removes itself! um... how about & # 3 2 ; 030627 ... & # 32 ; test 030627 ... why, yes, & # 32; it does work! (no spaces) User24 is impressed. 030627 ... i may have to start leaving noname. 030627 ... User32 that was an experiment to get to the directory listings. i thought it might be useful for the d, i, & h directories 030627 ... User24 ahh. good call, I like your style. 030627 ... User32 and i like your &#60;style> 030627 ... User32 and i like your <style> (dammit) 030627 ... User24 may start a directory of blatherhacks 3 words: http://blather.newdream.net/cgi-bin/blather?randomlinks who-style recent: http://blather.newdream.net/cgi-bin/blather?who;name= random blathe: http://blather.newdream.net/cgi-bin/blather?random (nice to set that as yer homepage) Recent list: http://blather.newdream.net/cgi-bin/blather?recent html, css and javascript can be inserted in the 'you' field of the add form. entering spaces as 'you' will result in an unclickable name of 'somebody' being shown as your name entering <>, or as your name will result in no name being entered entering a backslash in any field will cause a temporary blather_crash, only visible by you. entering incredibly long words as blathes will make links to those words break, ie; the_odds_of_generating_numbers_by_throwing_three_d you can enter no text at all in the 'says' part of the add form by entering <blah> that's about all I can remember. there may be more. 030627 ... User24 heh, thanks, you've got some fresh ideas, and I like that. 030627 ... . 030627 ...  test 030627 ...  test 030627 ... sigma oddly enough... i can't seem to open the sourcecode file... so much for grand ideas. :) 030804 ... User24 as I remember, it's tarred, I think winzip can handle .tar files, if not, I'm sure zipcentral does 030806 ... User24 entering </aname will result in 'name' being unclickable <---- like that! 030806 ... User24 ahem.. that's </a>name 030806 ... sage fixed, i think ... \ and \" and fun fun fun 030819 ... sage and a " without the \ 030819 ... u24 (belated) thankyou. User32, see: index_of_i index_of_d index_of_h for the dir lists. 040102 ... somebody . 040102 ... girl_jane flavors and then some 040207 ... out of respect for ani quote 040207 ... bird one more impending birthday i'm not particularly looking forward to 040207 ... hacker balther... 080304 what's it to you? who go blather from