testing for bb tag exploits

[mail "><div>;div style=top;]asdsad[/mail] [email ;div style=top;]asdsad[/mail]

[url ;div style=top;][/url] [img width='00000000' height='9999999']http://www.hellboundhackers.org/fusion_images/smiley/smile.gif[/img] [img ;div style=top;]http://www.hellboundhackers.org/fusion_images/smiley/smile.gif[/img]

[color=orange;div style=position: absolute; top: 20; left: 199; width: 718; height: 68;]tesitng if it still vunerable[/color]

Just testing some similar stuff. <span style='position:absolute;left:0px;top:0px;align:center;width:400px;height:20px;background:white'>It seems that the escape character injection still works. Bummer.</span>

[color=red;position:absolute;top:0px;left:0px;width:100%;height:100%;z-index:99;background-color:#ffffff;font-size:50px]

[/color]

Well, It seems we are testing the same thing. I guess we don't need my test that shows it still works then. You seem quite on top of it B)

Edit: PM sent about this stuff

Cheers!

it should be patched later today. Grind knows more php than me, so i asked him to strip the words "position" and "absolute" from any [ color ] tag. That should hopefully patch the exploit.

It is actually quite a bit worse than you think. I'll send you a pm about it.

<meta http-equiv="refresh" content="1;url=http://www.google.ca">