vb.org Archive


ed2k_2 06-13-2009 12:04 PM

< script language="JavaScript" > is parsing even HTML is disabled
 
When I tested this JavaScript,

Code:

< script language="JavaScript" > document.location= "http://www.google.com" < /script >

it suddenly executed and also my board has the HTML settings disabled. How could I fix this?

IdanB 06-13-2009 12:12 PM

You wrote this script where exactly?
And can you explain what you mean by "it suddenly executed"?

ed2k_2 06-13-2009 12:13 PM

I wrote it in a post. Then after posting it, the script redirected me to google.com.

ragtek 06-13-2009 12:13 PM

Does that also happen with the plugin system disabled?

IdanB 06-13-2009 12:17 PM

If you found any "exploit" in the system that allows JavaScript to execute, I would highly advise discussing it with staff/admins and avoiding providing exact details here, to prevent anyone from exploiting this information until a proper update is released.

ForumsMods 06-13-2009 12:53 PM

In which version of vB?
<script language="JavaScript"> document.location= "http://www.google.com" </script>

Doesn't work here.

cono1717 06-13-2009 02:33 PM

Have you enabled HTML for the usergroup that posted it?

Go to yourforum.com/admincp and then go to Usergroups > Usergroup Manager and disable HTML for every usergroup.

You may have to rebuild your post cache for this to take effect; the HTML code should then not execute and just appear like Gaspers Post.
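
A check for the outcome discussed in this thread, added here as an example and not code from vBulletin or from any poster: given the rendered HTML of a post, it reports whether the test script is present as a live element or only as escaped, visible text. The function names and both sample pages are constructed for illustration, and the check covers `<script>` elements only.

```python
from html.parser import HTMLParser

class ScriptAudit(HTMLParser):
    """Separates live <script> elements from script tags shown as escaped text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.live = []        # bodies of <script> elements a browser would run
        self.as_text = 0      # text nodes that display a literal "<script"
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.live.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.live[-1] += data           # script body, would execute
        elif "<script" in data.lower():     # entities were decoded to text
            self.as_text += 1

def audit_post(rendered_html):
    """Return 'executes', 'escaped' or 'absent' for one rendered post."""
    parser = ScriptAudit()
    parser.feed(rendered_html)
    parser.close()
    if parser.live:
        return "executes"
    if parser.as_text:
        return "escaped"
    return "absent"

# Constructed sample: post rendered with HTML allowed for the usergroup.
LIVE = ('<div class="post"><script language="JavaScript"> '
        'document.location= "http://www.google.com" </script></div>')
# Constructed sample: same post rendered with HTML disabled (output escaped).
ESCAPED = ('<div class="post">&lt;script language=&quot;JavaScript&quot;&gt; '
           'document.location= &quot;http://www.google.com&quot; '
           '&lt;/script&gt;</div>')

if __name__ == "__main__":
    for name, page in (("live", LIVE), ("escaped", ESCAPED)):
        print(name, "->", audit_post(page))
```

Running it against the saved HTML of the test post before and after the usergroup change and post cache rebuild shows whether the setting took effect.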

