FatalBreeze
07-22-2006, 07:38 AM
Hi guys, i've noticed that if im in the shop and uses this link:
.../ushop.php?do=richestusers&page=<script>alert("Owned%20By%20FatalBreeze")</script>
it works!!
maybe we should just add intval() or something like that?
as a noob coder im not exactly aware of the consequences this may have, but i guess they are pretty harsh.
btw, im using the latest version of uCash&uShop on vB 3.5.4.
.../ushop.php?do=richestusers&page=<script>alert("Owned%20By%20FatalBreeze")</script>
it works!!
maybe we should just add intval() or something like that?
as a noob coder im not exactly aware of the consequences this may have, but i guess they are pretty harsh.
btw, im using the latest version of uCash&uShop on vB 3.5.4.