|
|
32
|
|
|
|
030626
|
|
... |
|
%32
|
|
030626
|
|
... |
|
s
|
|
030626
|
|
... |
|
w
|
|
030626
|
|
... |
|
ls -l
|
|
030626
|
|
... |
|
|
|
030626
|
|
... |
|
x20
|
|
030626
|
|
... |
|
|
|
030626
|
|
... |
|
a
|
|
030626
|
|
... |
|
|
|
030626
|
|
... |
|
f
|
|
030626
|
|
... |
|
e
|
|
030626
|
|
... |
|
v
|
|
030626
|
|
... |
|
\_
|
|
030626
|
|
... |
|
\%
|
|
030626
|
|
... |
|
|
|
030626
|
|
... |
|
z
|
|
030626
|
|
... |
|
()
|
|
030626
|
|
... |
|
char
|
|
030626
|
|
... |
|
init(0);
|
ok, mr tester. playing with javascript, css and html is fine, but trying to pull a remote command execution isn't funny. the source code is available at http://blather.newdream.net/src/ . by all means download and play with on a test server.
|
030626
|
|
... |
|
return(69);
|
i'm not trying to remote execute anything. just trying to figure out how "somebody" bypassed the name/email requirement
|
030626
|
|
... |
|
jane
|
hmm i wonder who you are.. haha
|
030626
|
|
... |
|
minnesota_chris
|
I'm wondering if the cop, or the robber, was user24. Or both?!? wishes he understood programming
|
030627
|
|
... |
|
string
|
see: conspiracy_theory
|
030627
|
|
... |
|
User(24);
|
in this case, I was init(0). if you enter a load of spaces, your name will come out as 'somebody'. if you enter your name as <!-- --> you'll have no name at all. I'm going to be testing @ user24s_test_site3 tonight, so hopefully there'll be some more coolnesses re: funny things you can do with names/emails. and if you weren't trying to do a remote command execution, what was 'ls -l' about?
|
030627
|
|
... |
|
somebody
|
so ha!
|
030627
|
|
... |
|
|
and ha again!
|
030627
|
|
... |
|
jane
|
you can also remove your name by typing
|
030627
|
|
... |
|
jane
|
" "
|
030627
|
|
... |
|
j
|
damn it it just removes itself! um... how about & # 3 2 ;
|
030627
|
|
... |
|
|
& # 32 ; test
|
030627
|
|
... |
|
|
why, yes, & # 32; it does work! (no spaces) User24 is impressed.
|
030627
|
|
... |
|
|
i may have to start leaving noname.
|
030627
|
|
... |
|
User32
|
that was an experiment to get to the directory listings. i thought it might be useful for the d, i, & h directories
|
030627
|
|
... |
|
User24
|
ahh. good call, I like your style.
|
030627
|
|
... |
|
User32
|
and i like your <style>
|
030627
|
|
... |
|
User32
|
and i like your <style> (dammit)
|
030627
|
|
... |
|
User24
|
may start a directory of blatherhacks
3 words: http://blather.newdream.net/cgi-bin/blather?randomlinks
who-style recent: http://blather.newdream.net/cgi-bin/blather?who;name=
random blathe: http://blather.newdream.net/cgi-bin/blather?random (nice to set that as yer homepage)
Recent list: http://blather.newdream.net/cgi-bin/blather?recent
html, css and javascript can be inserted in the 'you' field of the add form.
entering spaces as 'you' will result in an unclickable name of 'somebody' being shown as your name
entering <>, or as your name will result in no name being entered
entering a backslash in any field will cause a temporary blather_crash, only visible by you.
entering incredibly long words as blathes will make links to those words break, ie; the_odds_of_generating_numbers_by_throwing_three_d
you can enter no text at all in the 'says' part of the add form by entering <blah>
that's about all I can remember. there may be more.
|
030627
|
|
... |
|
User24
|
heh, thanks, you've got some fresh ideas, and I like that.
|
030627
|
|
... |
|
|
.
|
030627
|
|
... |
|
|
test
|
030627
|
|
... |
|
|
test
|
030627
|
|
... |
|
sigma
|
oddly enough... i can't seem to open the sourcecode file... so much for grand ideas. :)
|
030804
|
|
... |
|
User24
|
as I remember, it's tarred, I think winzip can handle .tar files, if not, I'm sure zipcentral does
|
030806
|
|
... |
|
User24
|
entering </aname will result in 'name' being unclickable <---- like that!
|
030806
|
|
... |
|
User24
|
ahem.. that's </a>name
|
030806
|
|
... |
|
sage
|
fixed, i think ... \ and \" and fun fun fun
|
030819
|
|
... |
|
sage
|
and a " without the \
|
030819
|
|
... |
|
u24
|
(belated) thank you. User32, see: index_of_i index_of_d index_of_h for the dir lists.
|
040102
|
|
... |
|
somebody
|
.
|
040102
|
|
... |
|
girl_jane
|
flavors and then some
|
040207
|
|
... |
|
out of respect for ani
|
quote
|
040207
|
|
... |
|
bird
|
one more impending birthday i'm not particularly looking forward to
|
040207
|
|
... |
|
|
hacker balther...
|
080304
|
|
|