pop_profile.asp
Lines 918-924
case "goModify"
    if strNoCookies = "1" and strAuthType = "db" then
        if strDBNTUserName = "" then
            strDBNTUserName = chkString(Request.Form("Name"),"SQLString")
        end if
    end if
The form field referred to in the statement highlighted in red is incorrect; it should be changed to:
strDBNTUserName = chkString(Request.Form("User"),"SQLString")
Lines 1007-1009
" <input type=""hidden"" name=""User"" value=""" & chkString(Request.Form("User"),"SQLString") & """>" & vbNewLine & _
" <input type=""hidden"" name=""Pass"" value=""" & chkString(Request.Form("Pass"),"SQLString") & """>" & vbNewLine & _
" <input type=""hidden"" name=""Refer"" value=""" & Request.Form("Refer") & """>" & vbNewLine
The statement in red will cause the password to be viewed unencrypted when doing a view source.
This should be changed to:
" <input type=""hidden"" name=""User"" value=""" & strDBNTUserName & """>" & vbNewLine & _
" <input type=""hidden"" name=""Pass"" value=""" & strEncodedPassword & """>" & vbNewLine & _
" <input type=""hidden"" name=""Refer"" value=""" & Request.Form("Refer") & """>" & vbNewLine
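
As an added example (not part of the original post or of the forum's own code), the Python check below scans classic ASP source for hidden inputs whose value is read straight from the submitted request, and runs it over the lines 1007-1009 snippet before and after the change. The function name audit and the list of credential field names are assumptions made for this example.

```python
import re

# A classic ASP line that writes a hidden <input>; "" is VBScript's escaped quote.
HIDDEN_INPUT = re.compile(
    r'<input\s+type=""hidden""\s+name=""(?P<name>[^"]+)""\s+'
    r'value="""\s*&\s*(?P<expr>.+?)\s*&\s*"""',
    re.IGNORECASE,
)
# True when the value expression reads the submitted request directly.
REQUEST_READ = re.compile(r'\bRequest(\.(Form|QueryString))?\s*\(', re.IGNORECASE)
# Assumption: field names treated as credentials; extend for your own code base.
CREDENTIAL_NAMES = {"pass", "password", "pwd"}


def audit(source):
    """Return (line_no, field, severity) for hidden inputs that echo request data."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = HIDDEN_INPUT.search(line)
        if not m or not REQUEST_READ.search(m.group("expr")):
            continue
        field = m.group("name")
        # A credential echoed back ends up readable in the page source.
        severity = "credential" if field.lower() in CREDENTIAL_NAMES else "reflected"
        findings.append((line_no, field, severity))
    return findings


# Lines 1007-1009 as quoted in the post (before the change).
BEFORE = r'''" <input type=""hidden"" name=""User"" value=""" & chkString(Request.Form("User"),"SQLString") & """>" & vbNewLine & _
" <input type=""hidden"" name=""Pass"" value=""" & chkString(Request.Form("Pass"),"SQLString") & """>" & vbNewLine & _
" <input type=""hidden"" name=""Refer"" value=""" & Request.Form("Refer") & """>" & vbNewLine'''

# The replacement lines proposed in the post.
AFTER = r'''" <input type=""hidden"" name=""User"" value=""" & strDBNTUserName & """>" & vbNewLine & _
" <input type=""hidden"" name=""Pass"" value=""" & strEncodedPassword & """>" & vbNewLine & _
" <input type=""hidden"" name=""Refer"" value=""" & Request.Form("Refer") & """>" & vbNewLine'''

if __name__ == "__main__":
    for label, snippet in (("before", BEFORE), ("after", AFTER)):
        for line_no, field, severity in audit(snippet):
            print(f"{label}: line {line_no}: hidden field {field!r} ({severity})")
```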