Snitz Forums 2000
 upload mod security

Sonic
New Member

Germany
82 Posts

Posted - 11 January 2006 :  13:54:32
maybe a security bug
if someone has an upload file mod
and storing asp files is enabled
or someone can execute asp files on the server
or someone can rename files on the server...

someone can make a page like this
-->

<%
'strCookieURL = "http://www.victim.com/forum/"
strCookieURL = Left(Request.ServerVariables("Path_Info"), InstrRev(Request.ServerVariables("Path_Info"), "/"))
Session(strCookieURL & "Approval") = "15916941253"
%>

<a href="http://www.victim.com/forum/admin_config_system.asp">Main Forum Configuration</a><br>
<a href="http://www.victim.com/forum/admin_config_features.asp">Feature Configuration</a><br>
etc.....



and can pass the admin login and can change things without permission
if the file is stored somewhere else he can use the first strCookieURL variable

solution can be this:

edit this in the admin pages -->
if Session(strCookieURL & "Approval") <> "15916941253" then
Response.Redirect "admin_login.asp?target=admin_config_order.asp"
end if


to -->
if Session(strCookieURL & "Approval") = "94534545622235" and mlev = 4 then

note: (change to another number everywhere)

and add at the end of the admin page -->
else
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
Response.Redirect "admin_login.asp?target=" & scriptname(ubound(scriptname))
end If


so an admin must be logged in to edit.
anyone else sees only the login page.

I think it's brilliant...
here it's pitch dark and over there it's bright afternoon for all of them

Edited by - Da_Stimulator on 05 March 2006 23:32:41
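
An added example, not part of Sonic's post or of the Snitz code base: a Python audit that scans ASP source for the guard discussed above and reports admin pages that rely on the session flag alone, pages that still use a number quoted in this thread, and non-login pages that assign the flag. It assumes the guard keeps the shape quoted in the post and that admin_login.asp is the only page meant to set the flag; the sample sources, file names and the token 70000000000001 are constructed.

```python
import re

APPROVAL = r'Session\(\s*strCookieURL\s*&\s*"Approval"\s*\)'
# A guard is an If/ElseIf comparing the approval flag to a quoted number.
GUARD = re.compile(r'^\s*(?:else)?if\b.*' + APPROVAL + r'\s*(?:<>|=)\s*"(\d+)"', re.I)
# A statement that starts with the flag is an assignment, not a comparison.
ASSIGN = re.compile(r'^\s*' + APPROVAL + r'\s*=', re.I)
MLEV = re.compile(r'\bmlev\s*=\s*4\b', re.I)
# Both numbers are quoted in the thread, so neither is secret any more.
PUBLISHED_TOKENS = {"15916941253", "94534545622235"}
LOGIN_PAGE = "admin_login.asp"  # assumption: only this page sets the flag

def audit_page(name, source):
    """Return (line, finding) pairs for one ASP source file."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    findings, guards = [], 0
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("'"):      # VBScript comment line
            continue
        if ASSIGN.match(line):
            if base != LOGIN_PAGE:
                findings.append((lineno, "assigns-approval-flag"))
            continue
        m = GUARD.match(line)
        if not m:
            continue
        guards += 1
        if not MLEV.search(line):              # flag checked without member level
            findings.append((lineno, "session-only-guard"))
        if m.group(1) in PUBLISHED_TOKENS:
            findings.append((lineno, "published-token"))
    if guards == 0 and base.startswith("admin_") and base != LOGIN_PAGE:
        findings.append((0, "no-guard"))
    return findings

# Constructed samples modelled on the snippets in the post.
ORIGINAL = '<%\nif Session(strCookieURL & "Approval") <> "15916941253" then\n' \
           'Response.Redirect "admin_login.asp?target=admin_config_order.asp"\nend if\n%>'
PATCHED = '<%\nif Session(strCookieURL & "Approval") = "70000000000001" and mlev = 4 then\n' \
          "' page body\nelse\nResponse.Redirect \"admin_login.asp\"\nend If\n%>"
STRAY = '<%\nSession(strCookieURL & "Approval") = "15916941253"\n%>'

if __name__ == "__main__":
    for name, src in [("admin_config_order.asp", ORIGINAL),
                      ("admin_config_system.asp", PATCHED),
                      ("uploads/photo.asp", STRAY)]:
        print(name, audit_page(name, src))
```
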

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 11 January 2006 :  20:10:55
Snitz does not include an upload mod in its code, so there may be a security issue, but it is definitely mod related. What's more, if you allow someone to upload asp pages to your forum, you're asking for trouble!



Helterskelter
Junior Member

United Kingdom
331 Posts

Posted - 12 January 2006 :  03:39:47
If someone implemented their own upload mod then it could be a problem.

However, all the upload mods at www.snitzbitz.com have restrictions, allowing you to only upload specific file types.
If a user changed them to allow asp files then they're asking for trouble.

I made a small mod that allowed me to edit ASP on the fly. However, I no longer use it, just in case some peeps found a way around it and have direct access to my files.

Helter


MarcelG
Retired Support Moderator

Netherlands
2625 Posts

Posted - 13 January 2006 :  18:17:00
well, speaking from experience, i can tell you that the method of exploit you describe is not very likely. if asp or other server side scripts can be uploaded, the hacker is ready. he can then do anything he wants; upload a script like ntdaddy for instance.


bobby131313
Senior Member

USA
1163 Posts

Posted - 13 January 2006 :  20:19:33
There was a security issue in one of the windows server software versions that would allow an upload of something like file.jpg.asp when file.asp would not go. Even with .asp banned in the upload mod, it went anyway.

It happened to me on my previous host. Fortunately it didn't go any further than my uploaded folder and it was designed to replace all versions of "home" pages. Each of my user folders within my uploaded folder had all the new pages. I don't even know how long they were there because there are no home pages in those folders. It was terrorist propaganda.

Switch the order of your title tags

Edited by - bobby131313 on 13 January 2006 20:20:13

Sonic
New Member

Germany
82 Posts

Posted - 14 January 2006 :  03:53:04
the issue can happen too if someone can enter the Session code into a sql injection...
he may not have to upload an asp file...

if the sql injection is successful he can access all admin pages because the session is true...

I think it's brilliant...
here it's pitch dark and over there it's bright afternoon for all of them

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 14 January 2006 :  04:38:55
Sessions are not handled through the database, so how can the session code be "entered" through an SQL injection?
Also, current base code, as far as we know, is protected against SQL injections. For mods we cannot state the same.



HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 14 January 2006 :  05:52:04
could a moderator move this topic, it has nothing to do with current snitz code. If you allow users to upload files to your webspace then it is your responsibility to ensure that your webspace has the correct security in place to ensure it is not compromised, that is not the responsibility of Snitz.