| Author |
 Topic  |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
 Posted - 05 December 2005 : 01:14:07
|
A security related bug has been found in the password.asp file. The following fix should fix the issue.
In password.asp, change line 52 from this:if Request.Form("mode") <> "DoIt" and Request.Form("mode") <> "UpdateIt" and Request.QueryString("pwkey") = "" thento this:if Request.Form("mode") <> "DoIt" and Request.Form("mode") <> "UpdateIt" and trim(Request.QueryString("pwkey")) = "" then
On line 54, change from this:elseif Request.QueryString("pwkey") <> "" and Request.Form("mode") <> "UpdateID" thento this:elseif trim(Request.QueryString("pwkey")) <> "" and Request.Form("mode") <> "UpdateID" then
UPDATED - Feb. 22, 2006
On line 81, change from this:elseif Request.Form("pwkey") <> "" and Request.Form("mode") = "UpdateIt" thento this:elseif trim(Request.Form("pwkey")) <> "" and Request.Form("mode") = "UpdateIt" then< |
Edited by - Davio on 26 September 2006 05:42:04 |
|
|
Bassman
Junior Member
Netherlands
256 Posts |
Posted - 05 December 2005 : 05:20:30
|
| Thanks for the update Davio.< |
 |
|
|
pweighill
Junior Member
United Kingdom
453 Posts |
Posted - 05 December 2005 : 13:57:23
|
Should you also update line 81:
fromelseif Request.Form("pwkey") <> "" and Request.Form("mode") = "UpdateIt" thentoelseif trim(Request.Form("pwkey")) <> "" and Request.Form("mode") = "UpdateIt" then?< |
|
|
|
wildfiction
Junior Member
167 Posts |
Posted - 06 December 2005 : 20:30:29
|
Thanks for the updates guys.
pweighill -> I have that on line 93...? (and I don't recall ever editing my password.asp file)< |
|
|
|
pweighill
Junior Member
United Kingdom
453 Posts |
Posted - 07 December 2005 : 15:54:16
|
quote:
Originally posted by wildfiction
I have that on line 93...?
It's line 81 in the source code I downloaded a couple of days ago. The exact line number doesn't really matter though, as long as you can find the line.
Shouldn't a v3.4.06 version be relased with the security fixes included so that new people downloading the code don't need to apply any patches at the start?< |
|
|
|
JohnC
Junior Member
215 Posts |
Posted - 12 December 2005 : 09:16:00
|
| So do we update line 81 too?< |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 12 December 2005 : 13:35:45
|
If a member of the DEV Team or Moderator didn't suggest to modify line 81, then I would suggest you don't. Unless you know what you are doing. Of course you are always free to make changes to your forum code. 
We have tested it and don't see where line 81 would cause any security risk to the forum. If anyone can reproduce the bug with this fix, then we will look at it again.
I was unable to reproduce the bug after this fix.< |
Support Snitz Forums
|
|
|
|
JohnC
Junior Member
215 Posts |
Posted - 12 December 2005 : 15:32:56
|
| Thank you kindly, Davio. Keep up the good work. Happy Holidays to you and yours!< |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 13 February 2006 : 10:14:38
|
Davio ; sorry to dig up this topic, and to re-ask the same question, but....
Line 81-82 currently says this:
elseif Request.Form("pwkey") <> "" and Request.Form("mode") = "UpdateIt" then
key = chkString(Request.Form("pwkey"),"SQLString")
Wouldn't this give a risk with a modified HTTP post, where the request.form("PWKEY") is spoofed ?< |
portfolio - linkshrinker - oxle - twitter |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 22 February 2006 : 11:28:53
|
| Marcel, after some more testing, you are correct. A security announcement will be posted.< |
Support Snitz Forums
|
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
|
| |
Topic |
|
Forum Locked
Topic Locked
