Snitz Forums 2000 - Security bug with pop

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Snitz Forums 2000 DEV-Group

DEV Bug Reports (Closed)

Security bug with pop_messengers.asp

Forum Locked

Topic Locked

Printer Friendly

Author

Topic

mios
Junior Member

United Kingdom
101 Posts

Posted - 30 July 2002 : 06:42:42

There is a cross-site scripting loop hole in pop_messengers.asp that could easily allow some one to access anyones cookies.

I won't say exactly how you do it, but this will give you an idea http://forum.snitz.com/forum/pop_messengers.asp?mode=ICQ&ICQ=9739438&M_NAME=<span+style='color:red;font-size:50pt'>Boo!</span>

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 30 July 2002 : 16:00:04

to fix this, on line #40 of pop_messengers.asp insert the following line:

<!--#INCLUDE FILE="inc_functions.asp" -->

Then on line #55 change the following:

<% =Request.QueryString("M_NAME") %>

to this:

<% =chkString(Request.QueryString("M_NAME"),"display") %>

v3.4 does not have this vulnerability because M_NAME is not passed via the querystring.

dayve
Forum Moderator

USA
5820 Posts

Posted - 30 July 2002 : 17:00:29

when you say ACCESS someone's cookies, does this mean read them?

http://www.nineinchnailz.com

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 30 July 2002 : 17:02:20

It's the same problem as when someone could use an image tag to point to a javascript file on a remote site that could read cookies from this site.

Jeepaholic
Average Member

USA
697 Posts

Posted - 30 July 2002 : 18:13:55

Thanks guys!

Al Bsharah
Jeepaholics Anonymous

Gato
New Member

Brazil
92 Posts

Posted - 30 July 2002 : 19:26:39

May I know how is it passed?

Massimo
Junior Member

Italy
125 Posts

Posted - 30 July 2002 : 19:55:36

I have inserted the fix but it does not change null?

http://www.superdeejay.net/forumgold/pop_messengers.asp?mode=ICQ&ICQ=9739438&M_NAME=<span+style='color:red;font-size:50pt'>Boo!</span>

Massimo Farieri
===============
http://www.superdeejay.net/

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 30 July 2002 : 20:19:25

This is a very easy fix. Make sure that you change only what I indicated above, and that you change it exactly as I have indicated above.

Aaron S.
Average Member

USA
985 Posts

Posted - 30 July 2002 : 21:23:45

Here is the file with the patch applied - just change .txt to .asp:

http://www.potf2.com/forums/mod/pop_messengers.txt

--Aaron

DOWNLOAD GREAT NEW MODS HERE

Massimo
Junior Member

Italy
125 Posts

Posted - 31 July 2002 : 10:42:37

I have fix well?

http://www.superdeejay.net/forumgold/pop_messengers.asp?mode=ICQ&ICQ=9739438&M_NAME=<span+style='color:red;font-size:50pt'>Boo!</span>

tanks..
ciao!

Massimo Farieri
===============
http://www.superdeejay.net/

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 31 July 2002 : 12:15:30

Yes, that is how it should look after the fix is applied.

philipio
Starting Member

4 Posts

Posted - 05 August 2002 : 03:30:05

Is the latest version affected by this problem?

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 05 August 2002 : 05:24:31

Yes.

«-----------------------------------»
Join the Snitz Forums WebRing !

Deleted
deleted

4116 Posts

Posted - 17 August 2002 : 13:48:30

Fixed in v4b03patch005 (released now, download link here).

Stop the WAR!

Topic

Forum Locked

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.17 seconds.