Posts: 1486 Location: #valhalla Joined: 08.10.07 Rank: God
Posted on 16-10-10 22:17
I know it's nothing, but it is still just a minor bug... A bug is a bug... It does not work properly, that means it is a bug... Even if it is totally minor.
It's. Not. A. Bug.
You could do exactly the same thing by using firebug and changing your rendered html. It does nothing. There is no exploit here.
RE: script filter bug?
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 17-10-10 04:31
steal your cookies for their use....
I would not need to steal cookies. I could just change your pass.
No you couldn't. I've already tried that with a real XSS hole on this site. The only way you'd have a shot of changing the password or actually doing anything of interest would be to:
2. Now that you already have the token and cookies, all you have to do is change your IP. Use something like this (http://stackoverf. . .ip-address) to 'spoof' your IP (basically just send a one-way connection to hbh to change password or do whatever you want).
The first step is really easy but good luck getting the second part to work.