now I'm trying some cross site scripting, because I accidentally found out this forum doesn't escape < and > in certain places
but this place is only 60 chars wide, and they "kinda" wised up and started replacing script with scr1pt, so I can't do <script src=.../>, and 60 chars is too few to do any relevant scripting
so I'm trying to send 3 Private Messages in a row (60*3 chars) (found out there's no delay between PMs, only between posts) with php
but then I found some problems with multi quotes and tried this
...
$values["pm.topic"]="<img src=h onerror=\"X=\\\"JSESSIONID=sdrgfv5m8ayr.ha1\\\"\"/>";
...
foreach ($values as $a => $b) {
echo "<input type='hidden' name='".htmlentities($a)."' value='".htmlentities($b)."'>";
}
and I get
<img src=h onerror="X=\"JSESSIONID=sdrgfv5m8ayr.ha1\""/>
can't seem to escape quotes in html
wat do?