Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 13 March 2009 : 05:42:31
|
quote: Originally posted by HuwR
it is still possible to exploit ASP forms too if you do some research on Google
True, of course I was just referring to the specific exploit Bobby linked to, which was for CGI.
I actually think (but need confirmation), given how inc_mail.asp is written with all e-mail headers specified explicitly, that Snitz can't be hijacked like that - if it could, I'm sure we would have heard about it by now.
|
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.” |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 13 March 2009 : 08:02:12
|
quote: I actually think (but need confirmation), given how inc_mail.asp is written with all e-mail headers specified explicitly, that Snitz can't be hijacked like that - if it could, I'm sure we would have heard about it by now
I'm not so sure; how else would one send email? As far as I know they all work like that for ASP. I think the forum's strength is that you need to be logged in with a valid email address in order to use the email facility, and you are therefore traceable, whereas these exploits are on drive-by contact forms that anyone can submit; you do not need to be registered to use them. |
|
|
TastyNutz
Junior Member
USA
251 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 14 March 2009 : 14:51:46
|
If you want transparent numbers (no white), then here are the icons ... Download.
This is what they look like:
|
Edited by - Etymon on 14 March 2009 14:54:24 |
|
|
Carefree
Advanced Member
Philippines
4207 Posts |
Posted - 14 March 2009 : 15:36:32
|
Line 250 is missing the source information for the JavaScript routine. It should say:
"<script type=""text/javascript"" src=""fieldlimiter.js"">" & vbNewLine & _
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 14 March 2009 : 17:26:31
|
There really is no point in using scrollcode tags to display a single line of code. It is a lot easier to read if you just use a normal code tag. |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 14 March 2009 : 17:28:06
|
quote: Originally posted by Etymon
If you want transparent numbers (no white), then here are the icons ... Download.
This is what they look like:
I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped. |
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
Carefree
Advanced Member
Philippines
4207 Posts |
Posted - 14 March 2009 : 18:51:23
|
quote: Originally posted by HuwR
There really is no point in using scrollcode tags to display a single line of code. It is a lot easier to read if you just use a normal code tag.
I have it encoded in a macro, I'll have to write a new one for this forum. |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 14 March 2009 : 19:10:33
|
quote: Originally posted by HuwR I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.
Good spot, Huw. I didn't see that. I began wearing glasses last spring for the first time ever. I often kid myself by thinking I don't need them for reading the monitor! |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 15 March 2009 : 02:43:02
|
quote: Originally posted by Etymon
quote: Originally posted by HuwR I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.
Good spot, Huw. I didn't see that. I began wearing glasses last spring for the first time ever. I often kid myself by thinking I don't need them for reading the monitor!
LOL, you are obviously getting old like me. I started when I could no longer hold my PDA far enough away to see it; now I can't even see anything on my PC without glasses, it is just a fuzzy blur. Oh the joys of getting older. |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 15 March 2009 : 03:12:08
|
Doh! |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 15 March 2009 : 04:55:28
|
Hey leatherlips,
Did you include password.asp in your MOD? |
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 15 March 2009 : 13:38:37
|
Not really. Just was pointing out that the administrator's email address is exposed there as well. I'm not sure about Snitz 3.4.06, but since it is in Snitz 3.4.07, I am guessing the same code is in Snitz 3.4.06.
Snitz 3.4.07 - password.asp
Line 67:
If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
Line 72:
If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
Line 95:
If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.
Line 100:
If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums. |
Edited by - Etymon on 15 March 2009 13:39:11 |
|
|