Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Open)
 Two places need QueryString checked
 New Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

telecomputers
Starting Member

USA
28 Posts

Posted - 08 October 2012 :  01:09:30  Show Profile  Reply with Quote
Hello,

Here are two forum files that have been getting tested quite a bit recently from various parts of the world.

pop_printer_friendly.asp

Examples of injection attempts:

GET /Forum/pop_printer_friendly.asp?TOPIC_ID=mgbarszonntts
GET /Forum/pop_printer_friendly.asp?TOPIC_ID=qkqjebpwlax

We fixed this by checking:

if (Request.QueryString("TOPIC_ID") = "" or IsNumeric(Request.QueryString("TOPIC_ID")) = False)

post.asp

Example of injection attempts:

GET /forum/post.asp?method=Topic&FOR/default.asp
GET /forum/post.asp?method=Topic&FOR/register.asp

We fixed this by checking:

if (Request.QueryString("FORUM_ID") = "" or IsNumeric(Request.QueryString("FORUM_ID")) = False)

Hope this helps...

j.squires

HuwR
Forum Admin

United Kingdom
20563 Posts

Posted - 08 October 2012 :  02:36:24  Show Profile  Visit HuwR's Homepage
Sorry, but what version of the forum are you looking at ?

The first code line in pop_printer_friendly.asp does this
Topic_ID = cLng(Request.QueryString("TOPIC_ID")) so you can't inject anything as it would error unless it was a valid long int

post.asp already checks TOPIC_ID, FORUM_ID, CAT__ID and REPLY_ID so your report and fix are both incorrect

MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.01 seconds. Powered By: Snitz Forums 2000 Version 3.4.07