everthing "could be exploitable"

from now on you guys should state why as wel. This isn't an obscure thing, once you know what it is you'll know why.

fun...

if you logged in wrongly, what would happen. just wondering as the value tag isn't closed (might have been mentioned before) but my point - and i do have one - is that you can add an onmouseover or something similar as a username if it is repeated and voila, session stolen. no need to add the < or > tags

EDIT: just wondering, if it's not xss we're looking for would you be so kind as to let us know?

"Value tag" is closed, since its two single quotes ?

so round four i guess. No winners.

I wonder how bitchy y'all going to be when i finally say what i have in mind.

I noticed an error message when trying to login.

"Your request seems invalid. Try requesting a new page. (forms become invalid when you browse ahead or back)."

yeah their session stuff will do that. not really my interest right now.

wow round4 was pretty lame, I guess I better fork over the info soon. O no wait, the majority of their admins have always been bichy.

well this was enlightening, I never would have guessed you guys wouldn't get this in 4 days or whatever it was.

ah well your loss.