So this is interesting..., page 1 - Forum

tfishell

Remorse: The List, if you like FPS psych horror

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Oct 2010

From United States

Posted June 05, 2015

1

Cities: Skylines wishlist entry pops up "1" and can cause the browser to crash.

"a","alert(1)"] 23 hrs. ago manifest_pw
"></img src=x onerror=alert(1)/>

Post edited June 06, 2015 by tfishell

Smannesman Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Smannesman

4-bit classic

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Oct 2010

From Netherlands

Posted June 05, 2015

2

Yay.

toxicTom Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

toxicTom

Big Daddy

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Feb 2009

From Germany

Posted June 05, 2015

3

tfishell: http://www.gog.com/wishlist/games/cities_skylines

"a","alert(1)"] 23 hrs. ago manifest_pw
"></img src=x onerror=alert(1)/>

Hmm. Dangerous stuff. Input not properly checked/encoded.

Austrobogulator Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Austrobogulator

~

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jan 2010

From Australia

Posted June 05, 2015

4

Maybe you should have posted a screenshot instead...

leon30 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

leon30

.-.. . --- -.

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Feb 2011

From Bulgaria

Posted June 05, 2015

5

tfishell: http://www.gog.com/wishlist/games/cities_skylines

"a","alert(1)"] 23 hrs. ago manifest_pw
"></img src=x onerror=alert(1)/>

You've been nasty :D

VanishedOne Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

VanishedOne

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Dec 2012

From United Kingdom

Posted June 05, 2015

6

Well, the wishlist is in beta. :-P

Fever_Discordia Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Fever_Discordia

Don't Panic

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2010

From United Kingdom

Posted June 05, 2015

7

I just someone has alerted The Blue Ones?

jpilot Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

jpilot

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2014

From Netherlands

Posted June 05, 2015

8

Wow, this is a really nasty bug. If someone wanted to be evil (which you always have to assume), it would easily be possible to steal people's session information and possibly login information, without anyone noticing.

Asbeau Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Asbeau

shot the food

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2011

From United Kingdom

Posted June 05, 2015

9

I clicked your link to see and it crashed my Chrome and I lost all my tabs. Thanks for that.

misteryo Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

misteryo

you are required to own on gog

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Sep 2008

From United States

Posted June 05, 2015

10

jpilot: Wow, this is a really nasty bug. If someone wanted to be evil (which you always have to assume), it would easily be possible to steal people's session information and possibly login information, without anyone noticing.

Can anyone confirm this? I am not so sure this is true.

F4LL0UT Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

F4LL0UT

Get Showgunners!

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jun 2011

From Poland

Posted June 05, 2015

11

Austrobogulator: Maybe you should have posted a screenshot instead...

Agreed. Although a big "DON'T VISIT THE WISHLIST FOR THE LOVE OF GOD DON'T DO IT SOMETHING'S SERIOUSLY WRONG THERE!!!" probably would have been even better. Oh well, at least if my account gets hijacked now I know why. Because of tfishell. :P

jpilot Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

jpilot

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Nov 2014

From Netherlands

Posted June 05, 2015

12

jpilot: Wow, this is a really nasty bug. If someone wanted to be evil (which you always have to assume), it would easily be possible to steal people's session information and possibly login information, without anyone noticing.

misteryo: Can anyone confirm this? I am not so sure this is true.

Just to explain a little bit: The thing is, once you are able to insert arbitrary JavaScript code into a website (which obviously is the case here), you can execute that code with the permissions the user's webbrowser grants the scripts on that page (the browser simply cannot distinguish that malicious code from normal code used by the website), which means, the script has access to all data available to to it immediately through the global JavaScript context, as well as through any AJAX script or any website URL on that same host. So the script could possibly (and this is very likely as there does not seem to be a validation of that change through a confirmation email) even change your own password without you knowing it.

Rozenman Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Rozenman

Wanderer

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jul 2014

From Poland

Posted June 05, 2015

13

Austrobogulator: Maybe you should have posted a screenshot instead...

F4LL0UT: Agreed. Although a big "DON'T VISIT THE WISHLIST FOR THE LOVE OF GOD DON'T DO IT SOMETHING'S SERIOUSLY WRONG THERE!!!"

Adding more atmosphere:
https://youtu.be/31Zo-NK1p-g?t=136

jpilot: Just to explain a little bit: The thing is, once you are able to insert arbitrary JavaScript code into a website (which obviously is the case here), you can execute that code with the permissions the user's webbrowser grants the scripts on that page (the browser simply cannot distinguish that malicious code from normal code used by the website), which means, the script has access to all data available to to it immediately through the global JavaScript context, as well as through any AJAX script or any website URL on that same host. So the script could possibly (and this is very likely as there does not seem to be a validation of that change through a confirmation email) even change your own password without you knowing it.

Сan you be safe if you use Galaxy only?

Post edited June 05, 2015 by Rozenman

Avogadro6 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Avogadro6

Sporco RAZZIsta

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Sep 2011

From Italy

Posted June 05, 2015

14

Guys, guys, it's all fine. I'm sure if there was a problem Gog would have informed us!

Rozenman Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Rozenman

Wanderer

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Jul 2014

From Poland

Posted June 05, 2015

15

Avogadro6: Guys, guys, it's all fine. I'm sure if there was a problem Gog would have informed us!

Or maybe on the contrary, huh. Moreover they could not know about it.

Discover CD PROJEKT RED games

Highlights

Featured