and Heidster used some crap about a new quest starting so habbos security didn't look as crap as it actually is.
Printable View
and Heidster used some crap about a new quest starting so habbos security didn't look as crap as it actually is.
..only Habbo addicts would do that. "/.Quote:
Originally Posted by PenguinFluid
Just to come on the net to use Habbo only, no other sites lmao. :S
Habbo can fix the XSS flaw if they try..
Go on Habbo.co.uk, in the address bar paste: javascript:alert(document.cookie);
The "hacker" gets that sent to his email. He can use the JSSessionID to get into your account.
How's that send it to his email?!Quote:
Originally Posted by Invent
edit: o ya dont matter.
Some things in Habbo allow you to specify the data in say an input form by doing "?formname=">+javascript code" or something, lol.
Oh interesting...
How would Habbo patch this?
bobba It Knowing Them! Lol, Nice Find.Quote:
Originally Posted by Never
LOLOLOLQuote:
Originally Posted by Black-Sheak
Im gonna be a little more carefull from now on xD
But not be a habbo addict and not visit sites lolol
Both of those MOD's signed my guestbook.
habbo.co.uk/home/bill
It's very easy to patch, just filter the input for the GET variables :) What I don't know is how the session ID is gonna help them to touch your account.