this is crazy??<br>http://www.holux.com/product/search.htm?filename=gpsreceiver_bluetooth_gpslim236.htm&target=gpsreceiver00&level=grandsonson<br>+++++++++++++++++<br>function loadTarget(){<br> if ((filename!=\"\")&(target!=\"\")&(level!=\"\")){<br> parent.mainFrame.location.href = filename+\"?target=\"+target+\"&level=\"+level;<br> }<br>}<br>+++++++++++++++++<br><br>=>http://www.holux.com/product/search.htm?filename=http://www.yahoo.com&target=search&level=search<br><br><br>
no not crazy.<br><br>it's not entirely harmless. But everything interesting happens on the client side,<br>and within the right context.<br><br>You could make a website, and appear to be html injecting, this could<br>fool some people, and allow you to steal information.<br><br>But the technology does not allow you to execute any code on the remote host, <br>nor is it RFI or LFI.<br><br>javascript is also not executed with the credentials of the site, so ..<br><br>besides url spoofing .. it doesn't really do you much good imho
any chance someone can explain what this code does exactly? Is it just a way fo rpetending to be another url or what? Sorry for my ignorance... <img alt="\":)\"" src="%5C">
<pre>
if ((filename!=\"\")&(target!=\"\")&(level!=\"\"))
</pre><br><br>for the record to avoid confusion, and easy mistakes, <br>they should have used the logic && instead of the binarry<br>&. Just good practice.<br>