Flying pictures

For testing of level sketches, avatars, banners and BBCodes.

Moderators: Flumminator, Zomis

User avatar
Venatir
Posts: 47
Joined: Sun Oct 15, 2006 10:07 am

Flying pictures

Post by Venatir » Fri Nov 03, 2006 9:26 pm

go to viewtopic.php?t=17
and copy
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5;DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++} setInterval('A()',5); void( 0 )
then paste in the url

If you paste it more than once, it'll speed up.
Last edited by Venatir on Wed Nov 08, 2006 3:33 pm, edited 2 times in total.

User avatar
Francesco
Posts: 577
Joined: Thu Dec 29, 2005 2:22 pm
Location: Sardinia (Italy)
Contact:

Post by Francesco » Fri Nov 03, 2006 11:26 pm

Well, that's really cool... nice point!
Anyway, by the way, have fun!
Francesco

User avatar
Zomis
Posts: 1501
Joined: Mon Jun 21, 2004 1:27 pm
Location: Sweden
Contact:

Post by Zomis » Sat Nov 04, 2006 9:52 am

LOL, I must say! I didn't know that it was possible to execute javascripts that way on pages :shock: That sounds like it could be a security hack possibilty on some pages...

User avatar
Holger
Site Admin
Posts: 2634
Joined: Fri Jun 18, 2004 4:13 pm
Location: Germany
Contact:

Post by Holger » Sat Nov 04, 2006 10:50 am

Funny! :-D

Tomi
Posts: 339
Joined: Wed Aug 03, 2005 3:37 pm
Location: Slovakia

Post by Tomi » Mon Nov 06, 2006 6:41 pm

Nicely done script. BTW, setInterval(A,5) works as well. http://developer.mozilla.org/en/docs/DO ... etInterval

Zomis: yes, JavaScript can be executed that way. Even more cool is that "javascript:" urls can even be bookmarked to make "bookmarklets" which can be executed on pages to do some coolness. (For example, if you bookmark the script above, you can then execute it on any page.) "Greasemonkey" firefox extension elevates this concept even further.

And no, this is not a security hole, because the user has to type the URL in (or click on the link) anyway. However, lately there's another, related type of attack: XSS (Cross-site scripting). If phpBB had a security hole, I could insert a "script" tag inside this post, which would run the script inside it every time the post is shown. The script could consist of these steps: 1. open profile of currently logged-in user in background. 2. get his password, change his password, steal some data, make fake posts, etc. (whatever I wish). 3. send information (e.g. passwords) to intruder's server. 4. make more (fake) posts that contain the script so it spreads further.

Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. » Mon Nov 06, 2006 11:40 pm

@Tomi: How would you get or change a person's password? The user would have to type it in.

(Shouldn't this topic be in the "Off Topic" section?)

User avatar
Venatir
Posts: 47
Joined: Sun Oct 15, 2006 10:07 am

Post by Venatir » Tue Nov 07, 2006 3:44 pm

it wasent me who made the script

Where I found the script

User avatar
RAP
Posts: 255
Joined: Sat Jun 19, 2004 6:44 pm

Post by RAP » Tue Nov 07, 2006 11:17 pm

I tried but the pictures are not flying, suggestions? :?

Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. » Wed Nov 08, 2006 1:32 am

Well, does your web browser support JavaScript?

Tomi
Posts: 339
Joined: Wed Aug 03, 2005 3:37 pm
Location: Slovakia

Post by Tomi » Wed Nov 08, 2006 5:21 pm

Daniel: you're right, getting one's password isn't very likely. (Only if the software had a button with something like "I forgot my password, but fortuately I'm logged in, please tell me what is my password".:) But the script could read user's session ID from a cookie in user's browser and notify the script author, giving him access to a session where the user is logged in, and then he could by direct access get any data he needs.

But I'm getting off topic now, so for this discussion to continue, it should be split into another thread, or continue only via PM. (The first variant is preferable, because that way other people can read it too.)

User avatar
RAP
Posts: 255
Joined: Sat Jun 19, 2004 6:44 pm

Post by RAP » Thu Nov 09, 2006 4:34 am

Daniel H. wrote:Well, does your web browser support JavaScript?
No, but what's that and its it a program? :?

User avatar
Jannik
Posts: 135
Joined: Fri Jan 27, 2006 2:55 pm
Location: Germany

Post by Jannik » Thu Nov 09, 2006 7:23 am

I couldn't get javascript-URLs to work in Internet Explorer (although Scripting was enabled), even something simple like javascript:alert('hi'); didn't work.
In Mozilla Firefox it works.

Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. » Thu Nov 09, 2006 9:48 pm

I wrote:Well, does your web browser support JavaScript?
Ryan P. wrote:No, but what's that and its it a program? :?
It's a part of most web browsers today that allows Java-style code to be executed client-side on websites.

What web browser do you use?

User avatar
RAP
Posts: 255
Joined: Sat Jun 19, 2004 6:44 pm

Post by RAP » Thu Nov 09, 2006 11:12 pm

Daniel H. wrote:What web browser do you use?
On my Dad's computer: Mozllia Firefox (now uninstalled for some reason)
and my computer is Internet Explorer 7! :D
Last edited by RAP on Fri Nov 10, 2006 10:11 pm, edited 1 time in total.

Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. » Fri Nov 10, 2006 2:11 am

Well, those browsers definitely should support JavaScript. Maybe it is turned off?

:?

I don't know what else I can say.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest