Snitz Forums 2000
 BUG+FIX: 'GROUP' variable not sanitized

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 04 June 2006 :  21:10:54
A security related bug has been found in inc_header.asp. The following fix should fix the issue.

This bug can only affect you if you have Group Categories enabled on your forum.

In inc_header.asp, change line 125 from this:
Group = Request.Cookies(strCookieURL & "GROUP")
to this:
Group = cLng(Request.Cookies(strCookieURL & "GROUP"))

Support Snitz Forums

Edited by - Davio on 26 September 2006 05:43:30
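Added example, not part of the original post or the Snitz code base: `CLng` raises a type-mismatch runtime error when handed a non-numeric string, so a stricter variant can validate the cookie first and fall back to a default. The function name `ParseGroupId`, the default of 1 and the sample values are assumptions made for illustration.

```vbscript
' Added example, not Snitz code. Runs offline with: cscript //nologo groupid.vbs
Option Explicit

' Return the value as a Long only when it is 1 to 9 decimal digits;
' otherwise return defaultId. Nine digits always fit in a Long, so the
' CLng call below cannot overflow or raise a type mismatch.
Function ParseGroupId(ByVal raw, ByVal defaultId)
    Dim re, s
    s = CStr(raw & "")            ' Null, Empty or a missing cookie becomes ""
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"   ' digits only: no sign, exponent, hex prefix or spaces
    If re.Test(s) Then
        ParseGroupId = CLng(s)
    Else
        ParseGroupId = defaultId
    End If
End Function

' Constructed sample cookie values (not taken from the thread).
Dim samples, v
samples = Array("3", "", "abc", "12abc", "1e3", " 7", "-1", "99999999999")
For Each v In samples
    WScript.Echo "[" & v & "] -> " & ParseGroupId(v, 1)
Next

' Hypothetical call shape inside inc_header.asp (the default of 1 is an assumption):
' Group = ParseGroupId(Request.Cookies(strCookieURL & "GROUP"), 1)
```

Only the first sample is returned as its own value; every other input yields the default.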

tinem
Junior Member

Denmark
209 Posts

Posted - 05 June 2006 :  01:52:30
quote:
Originally posted by Davio
This bug can only affect you if you have Group Categories enabled on your forum.



Thanks for this information. I use vers. 3.4.03 in Danish and have made several forums BUT I don't know if I use Group Categories. :-(

Where should I read/look for this, please?

This account was hacked by that very honest guy, Image. Better take care with your personal data, if you register to his forums or he will hack into your account here, as well.

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 05 June 2006 :  02:10:53
If you don't know if you're using Group Categories, then you are probably not using it.

I suggest you apply the fix anyway, just in case you decide to use Group Categories sometime in the near future.

But to answer your question though, Admin Options --> Feature Configuration --> Group Categories.

Support Snitz Forums

muzishun
Senior Member

United States
1079 Posts

Posted - 05 June 2006 :  11:35:20
Good catch on that. I've been doing quite a few modifications to inc_header.asp lately, and I never even noticed that one.

Thanks for the fix.

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 06 August 2006 :  22:47:59
Fixed in 3.4.06.

Support Snitz Forums