Flying pictures

For testing of level sketches, avatars, banners and BBCodes.

Moderators: Flumminator, Zomis

Venatir
Posts: 47
Joined: Sun Oct 15, 2006 10:07 am

Flying pictures

Post by Venatir »

Go to viewtopic.php?t=17
and copy
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5;DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++} setInterval('A()',5); void( 0 )
then paste it in the URL.

If you paste it more than once, it'll speed up.
Last edited by Venatir on Wed Nov 08, 2006 3:33 pm, edited 2 times in total.
Francesco
Posts: 577
Joined: Thu Dec 29, 2005 2:22 pm
Location: Sardinia (Italy)

Post by Francesco »

Well, that's really cool... nice point!
Anyway, by the way, have fun!
Francesco
Zomis
Posts: 1502
Joined: Mon Jun 21, 2004 1:27 pm
Location: Sweden

Post by Zomis »

LOL, I must say! I didn't know that it was possible to execute javascripts that way on pages :shock: That sounds like it could be a security hack possibility on some pages...
Holger
Site Admin
Posts: 4073
Joined: Fri Jun 18, 2004 4:13 pm
Location: Germany

Post by Holger »

Funny! :-D
Tomi
Posts: 339
Joined: Wed Aug 03, 2005 3:37 pm
Location: Slovakia

Post by Tomi »

Nicely done script. BTW, setInterval(A,5) works as well. http://developer.mozilla.org/en/docs/DO ... etInterval

Zomis: yes, JavaScript can be executed that way. Even more cool is that "javascript:" URLs can even be bookmarked to make "bookmarklets" which can be executed on pages to do some coolness. (For example, if you bookmark the script above, you can then execute it on any page.) "Greasemonkey" Firefox extension elevates this concept even further.

And no, this is not a security hole, because the user has to type the URL in (or click on the link) anyway. However, lately there's another, related type of attack: XSS (Cross-site scripting). If phpBB had a security hole, I could insert a "script" tag inside this post, which would run the script inside it every time the post is shown. The script could consist of these steps: 1. open profile of currently logged-in user in background. 2. get his password, change his password, steal some data, make fake posts, etc. (whatever I wish). 3. send information (e.g. passwords) to intruder's server. 4. make more (fake) posts that contain the script so it spreads further.
Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. »

@Tomi: How would you get or change a person's password? The user would have to type it in.

(Shouldn't this topic be in the "Off Topic" section?)
The H. World levelset can be downloaded from http://www.bd-fans.com/RnD.html -- search The H. World on that page.
Venatir
Posts: 47
Joined: Sun Oct 15, 2006 10:07 am

Post by Venatir »

It wasn't me who made the script.

Where I found the script
RAP
Posts: 317
Joined: Sat Jun 19, 2004 6:44 pm

Post by RAP »

I tried but the pictures are not flying, suggestions? :?
Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. »

Well, does your web browser support JavaScript?
Tomi
Posts: 339
Joined: Wed Aug 03, 2005 3:37 pm
Location: Slovakia

Post by Tomi »

Daniel: you're right, getting one's password isn't very likely. (Only if the software had a button with something like "I forgot my password, but fortunately I'm logged in, please tell me what is my password".:) But the script could read user's session ID from a cookie in user's browser and notify the script author, giving him access to a session where the user is logged in, and then he could by direct access get any data he needs.

But I'm getting off topic now, so for this discussion to continue, it should be split into another thread, or continue only via PM. (The first variant is preferable, because that way other people can read it too.)
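The defensive side of the two risks Tomi describes in his posts (a "script" tag inserted through a post, and a session ID read from a cookie), as an added example that is not part of the thread and is not phpBB's code. The function names, the [url] handling and the sample post are constructed for illustration.

```javascript
// Added example (constructed): how forum software keeps post text inert.

// Escape the characters that can switch the browser out of text context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Allow only absolute http(s) links. The WHATWG URL parser normalises case,
// leading spaces and embedded tabs the way a browser does, so disguised
// "javascript:" schemes are still recognised and rejected.
function safeHref(raw) {
  let url;
  try { url = new URL(String(raw)); } catch (e) { return null; }
  return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : null;
}

// Render a post: everything is escaped; only [url=...] becomes markup,
// and only when its target passes safeHref().
function renderPost(raw) {
  const tag = /\[url=([^\]\s]+)\]([\s\S]*?)\[\/url\]/gi;
  let out = '', last = 0, m;
  while ((m = tag.exec(raw)) !== null) {
    out += escapeHtml(raw.slice(last, m.index));
    const href = safeHref(m[1]);
    const label = escapeHtml(m[2]);
    out += href
      ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">${label}</a>`
      : label; // disallowed scheme: keep the label, drop the link
    last = tag.lastIndex;
  }
  return out + escapeHtml(raw.slice(last));
}

// HttpOnly keeps the session ID out of reach of document.cookie, so a script
// that does slip through cannot read it.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample post containing a script tag and a javascript: link.
const SAMPLE_POST = 'Nice <script>alert(1)</script> ' +
  '[url=javascript:alert(1)]click[/url] [url=http://example.com/?a=1&b=2]docs[/url]';

console.log(renderPost(SAMPLE_POST));
console.log(sessionCookie('sid', 'abc 123'));
```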
RAP
Posts: 317
Joined: Sat Jun 19, 2004 6:44 pm

Post by RAP »

Daniel H. wrote: Well, does your web browser support JavaScript?
No, but what's that and is it a program? :?
Jannik
Posts: 135
Joined: Fri Jan 27, 2006 2:55 pm
Location: Germany

Post by Jannik »

I couldn't get javascript-URLs to work in Internet Explorer (although Scripting was enabled), even something simple like javascript:alert('hi'); didn't work.
In Mozilla Firefox it works.
Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. »

I wrote: Well, does your web browser support JavaScript?
Ryan P. wrote: No, but what's that and is it a program? :?
It's a part of most web browsers today that allows Java-style code to be executed client-side on websites.

What web browser do you use?
RAP
Posts: 317
Joined: Sat Jun 19, 2004 6:44 pm

Post by RAP »

Daniel H. wrote: What web browser do you use?
On my Dad's computer: Mozilla Firefox (now uninstalled for some reason)
and my computer is Internet Explorer 7! :D
Last edited by RAP on Fri Nov 10, 2006 10:11 pm, edited 1 time in total.
Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. »

Well, those browsers definitely should support JavaScript. Maybe it is turned off?

:?

I don't know what else I can say.