Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Open)
 there was a big bug		  New Topic  Topic Locked
 Printer Friendly
Author  Topic Next Topic  

dreamasterw3b
Starting Member

USA
4 Posts
Posted - 28 February 2016 :  21:41:56  Show Profile
https://www.exploit-db.com/exploits/36585/

I patched two of the ones I found by checking with isnumeric - here's the fix I did with topic.asp

if Request.QueryString("TOPIC_ID") = "" and Request.QueryString("mode") <> "getIP" and Request.Form("Method_Type") <> "login" and Request.Form("Method_Type") <> "logout" then
Response.Redirect "default.asp"
Response.End
else
if isNumeric(Request.QueryString("TOPIC_ID")) = true then
Topic_ID = Request.QueryString("TOPIC_ID")
else
response.write("**** off")
response.end
end if
end if


It stopped whatever bot was injecting useless cialis ads that weren't readable since the infection started with /title

My guess is none of the navigation URL links are sanitized.

Just wanted to post a "quick Fix" for folks that aren't programmers.

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 28 February 2016 :  22:07:23  Show Profile
This is not the correct forum for bugs, and this was identified a long time ago. The following is a bit cleaner than your example.


If (Trim(Request.QueryString("TOPIC_ID")) = "" Or IsNumeric(Request.QueryString("TOPIC_ID")) = False) And Request.Form("Method_Type") <> "login" And Request.Form("Method_Type") <> "logout" Then
	Response.Redirect "default.asp"
	Response.End
Else
	Topic_ID = CLng(Request.QueryString("TOPIC_ID"))
End If
Edited by - Carefree on 28 February 2016 22:09:02
Go to Top of Page

dreamasterw3b
Starting Member

USA
4 Posts
Posted - 28 February 2016 :  22:36:45  Show Profile
Can you please move this over to that forum?

Also, was topic.asp?TOPIC_ID=61314&whichpage=2&ARCHIVE=

Addressed too? whichpage allows for manipulation.
Go to Top of Page

dreamasterw3b
Starting Member

USA
4 Posts
Posted - 28 February 2016 :  22:46:20  Show Profile
ps - it might be cleaner but it's less satisfying
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 28 February 2016 :  22:52:34  Show Profile
To preclude any non-numeric "whichpage" values from being passed, just add this line below those I posted:

If Trim(Request("WhichPage")) > "" And IsNumeric(Request("WhichPage")) = False Then Response.Redirect	"default.asp"
Go to Top of Page

dreamasterw3b
Starting Member

USA
4 Posts
Posted - 28 February 2016 :  23:19:05  Show Profile
I used isNumeric as a quick fix, Microsoft never fixed the isNumeric not working properly so converting it to long might be better.

offhand, would you know all the scripts that read from the URL so I can scrub them?
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts
Posted - 29 February 2016 :  03:42:02  Show Profile  Visit HuwR's Homepage
As carefree suggested, if you had the CURRENT code this would not be an issue as it was fixed a long time ago.
Go to Top of Page
   Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.11 seconds. Powered By: Snitz Forums 2000 Version 3.4.07