Welcome to Geeklog Friday, August 14 2020 @ 05:19 am EDT

Security

JavaScript Backend Grabber

  • Saturday, August 17 2002 @ 04:30 am EDT
  • Contributed by:
  • Views: 10,418
Security I recently came across with a cool (err, depends on how you look at it) Javascript that grabs the backend stuff (external css, etc) off of any website:

javascript:var%20text=\'\';%20css=document.styleSheets;
%20for%20(c=0;c<css.length;c++)%20%20js=
document.getElementsByTagName(\'script\');
%20for%20(j=0;j<js.length;j++)%20with
%20(open(\'\',\'\',\'width=600,height=
400,scrollbars,resizable,status\').document)%20

Just copy and paste the above code as a bookmark, and then simply run the bookmark while you\'re at the page you want to \"grab\" from.

The reason I\'m posting here is because I wanted to ask whether or not GeekLog could be modified to block this particular javascript (and others of its like)?

[Editor\'s note: code should be all in one line - broken down into pieces so as to not break the site\'s layout -- Dirk]

Gallery Security Issue

  • Thursday, August 01 2002 @ 08:45 am EDT
  • Contributed by:
  • Views: 6,048
Security

Since many here are using Gallery together with Geeklog, I'd like to point out that a security vulnerability has been found in Gallery which affects versions 1.2.5 and 1.3.0 of that package.

Read all about it on the Gallery homepage (story includes instructions on how to patch existing installations).

bye, Dirk

Page navigation