Forum Overview :: Break This Forum
 
Re: pointy-0.9.4 security testing by Senor Barborito 03/29/2003, 2:52am PST
Rear Admiral Stew wrote:

The code

1. I'd like suggestions on html tags and attributes to ban.

Currently banned:
script, blink, html, head, body, link, meta, style, and the style attribute

2. Try to break it. Specifically, try to sneak in banned stuff using malformed html.

-/ES/-


The plaintext tag needs to be banned --SB <BR> <BR> </TD> <TD BACKGROUND="images/pointy-default-post_06.gif"></TD> </TR> <TR> <TD><IMG SRC="images/pointy-default-post_07.gif" BORDER="0" ALT=""></TD> <TD BACKGROUND="images/pointy-default-post_08.gif"></TD> <TD><IMG SRC="images/pointy-default-post_09.gif" BORDER="0" ALT=""></TD> </TR> <TR> <TD></TD> <TD WIDTH="100%"> <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ALIGN="center"> <TR> <TD ALIGN="left"> <A HREF="?action=viewPost&pid=27228"><IMG SRC="images/pointy-default-previousbutton.gif" ALT="PREVIOUS" BORDER="0" ALT=""></A> <A HREF="?action=viewPost&pid=27230"><IMG SRC="images/pointy-default-nextbutton.gif" ALT="NEXT" BORDER="0" ALT=""></A> </TD> <TD ALIGN="right"> <A HREF="/pointy.php?action=makePost1337&ppid=27229"><IMG SRC="images/pointy-default-replybutton.gif" ALT="REPLY" BORDER="0"></A> <A HREF="/pointy.php?action=makePost1337&ppid=27229&quote=true"><IMG SRC="images/pointy-default-replyquotebutton.gif" ALT="QUOTE" BORDER="0"></A> </TD> <TD></TD> </TR> </TABLE> </TD> </TR> </TABLE> </TD> </TR> <TR><TD>&nbsp;</TD></TR> <!-- THE THREAD --> <TR> <TD WIDTH="100%"> <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="5" ALIGN="center"> <TR> <TD CLASS="medium"> <A HREF="?action=viewPost&pid=27228">pointy-0.9.4 security testing</A> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Rear Admiral Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 2:49am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;<SPAN CLASS="highlight">Re: pointy-0.9.4 security testing</SPAN> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Senor Barborito</SPAN> <SPAN CLASS="small"> 03/29/2003, 2:52am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27230">Re: pointy-0.9.4 security testing</A> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Rear Admiral Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:00am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27231">image &#039;size&#039; attribute now blocked</A> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Senor Barborito</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:02am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27232">Just an Auto NT test.</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Fussbett</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:09am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27233">I can dig it</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Entropy Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:11am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27234">Henceforth let &quot;NMT&quot; stand for Not Much Text. (NMT)</A> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Fussbett</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:11am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27235">ot = optional text? -ot-</A> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Entropy Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:12am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27236">Half my work is already done before I even start!</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">conflictNo</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:18am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27240">Test</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Entropy Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:27am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27250">OK, fixed the &lt;!-- open tag problem. Thanks barb</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Entropy Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:53am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27251">&lt;!--</A> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Senor Barborito</SPAN> <SPAN CLASS="small"> 03/29/2003, 3:54am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27253">Holy fuck that was nasty</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Senor Barborito</SPAN> <SPAN CLASS="small"> 03/29/2003, 4:13am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="?action=viewPost&pid=27254">I = sloppy</A> <I> NT</I> <SPAN CLASS="small">by </SPAN> <SPAN CLASS="highlight_author">Entropy Stew</SPAN> <SPAN CLASS="small"> 03/29/2003, 4:14am PST</SPAN> <IMG SRC="images/pointy-default-new.gif" ALT="NEW" BORDER="0" ALT=""><BR> </TD> </TR> </TABLE> </TD> </TR> <!-- THE FOOTER --> <TR><TD>&nbsp;</TD></TR> <TR> <TD WIDTH="100%" ALIGN="center"> <IMG SRC="images/pointy-default-pointylogo.gif" BORDER="0" ALT="powered by pointy"> </TD> </TR> <TR><TD>&nbsp;</TD></TR> </TABLE> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> var pageTracker = _gat._getTracker("UA-2716345-2"); pageTracker._initData(); pageTracker._trackPageview(); </script> </BODY> </HTML>