Snitz Forums 2000
 Contact Page MOD

Shaggy
Support Moderator

Ireland
6780 Posts

Posted - 13 March 2009 : 05:42:31
quote:
Originally posted by HuwR
it is still possible to exploit ASP forms too if you do some research on google

True, of course I was just referring to the specific exploit Bobby linked to which was for CGI.

I actually think (but need confirmation), given how inc_mail.asp is written with all e-mail headers specified explicitly, that Snitz can't be hijacked like that - if it could, I'm sure we would have heard about it by now


Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 13 March 2009 : 08:02:12
quote:
I actually think (but need confirmation), given how inc_mail.asp is written with all e-mail headers specified explicitly, that Snitz can't be hijacked like that - if it could, I'm sure we would have heard about it by now


I'm not so sure; how else would one send email? As far as I know they all work like that for ASP. I think the forum's strength is that you need to be logged in with a valid email address in order to use the email facility and you are therefore traceable, whereas these exploits are on drive-by contact forms that anyone can submit; you do not need to be registered to use them.
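
The hijacking concern raised in the posts above is commonly closed off by refusing line breaks in any submitted value that ends up in a mail header. The following VBScript is an added example, not part of the thread, Snitz or the Contact Page MOD; it assumes that class of exploit is what was meant, and every function name in it is hypothetical.

```vbscript
Option Explicit

' Added example. All function names are hypothetical; none come from
' Snitz or the Contact Page MOD. Run with: cscript //nologo check.vbs

' True when a value could start a new header line (raw or URL-encoded CR/LF).
Function ContainsLineBreak(strValue)
    ContainsLineBreak = InStr(strValue, vbCr) > 0 _
        Or InStr(strValue, vbLf) > 0 _
        Or InStr(1, strValue, "%0d", vbTextCompare) > 0 _
        Or InStr(1, strValue, "%0a", vbTextCompare) > 0
End Function

' True when the value is exactly one plausible address and nothing else.
Function IsSingleAddress(strEmail)
    Dim objRegExp
    Set objRegExp = New RegExp
    objRegExp.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsSingleAddress = objRegExp.Test(strEmail)
End Function

' Returns "" when the fields are safe to pass to the mail component,
' otherwise a short reason suitable for logging.
Function CheckContactFields(strName, strEmail, strSubject)
    If ContainsLineBreak(strName) Or ContainsLineBreak(strEmail) _
        Or ContainsLineBreak(strSubject) Then
        CheckContactFields = "line break in a header field"
    ElseIf Not IsSingleAddress(strEmail) Then
        CheckContactFields = "sender is not a single address"
    Else
        CheckContactFields = ""
    End If
End Function

' Constructed sample submissions (not taken from the thread).
Dim arrTests, i, strReason
arrTests = Array( _
    Array("Alice", "alice@example.com", "Question about the forum"), _
    Array("Alice", "alice@example.com", "Hello" & vbCrLf & "X-Extra: constructed"), _
    Array("Alice", "alice@example.com, other@example.net", "Hello"))

For i = 0 To UBound(arrTests)
    strReason = CheckContactFields(arrTests(i)(0), arrTests(i)(1), arrTests(i)(2))
    If strReason = "" Then strReason = "accepted"
    WScript.Echo "Submission " & (i + 1) & ": " & strReason
Next
```

In an ASP page the three values would come from the submitted form, and a non-empty reason would stop the request before any mail object is created.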

TastyNutz
Junior Member

USA
251 Posts

Posted - 14 March 2009 : 08:49:12
quote:
Originally posted by Shaggy

Good work, LL; surprised it's taken this long for somebody to come up with a mod like this.


There was already a basic mod for hiding the admin email.
http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=65403&SearchTerms=contact+admin

But nobody noticed the pop up form itself still left the admin email exposed.


PowerQuad Disability Support Forum

Etymon
Advanced Member

United States
2385 Posts

Posted - 14 March 2009 : 14:51:46
If you want transparent numbers (no white), then here are the icons ... Download.

This is what they look like:





Edited by - Etymon on 14 March 2009 14:54:24

Carefree
Advanced Member

Philippines
4207 Posts

Posted - 14 March 2009 : 15:36:32
Line 250 is missing the source information for the javascript routine. It should say
			"<script type=""text/javascript"" src=""fieldlimiter.js"">" & vbNewLine & _

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 14 March 2009 : 17:26:31
there really is no point in using scrollcode tags to display a single line of code. It is a lot easier to read if you just use a normal code tag

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 14 March 2009 : 17:28:06
quote:
Originally posted by Etymon

If you want transparent numbers (no white), then here are the icons ... Download.

This is what they look like:








I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.

leatherlips
Senior Member

USA
1838 Posts

Posted - 14 March 2009 : 17:43:46
quote:
Originally posted by Carefree

Line 250 is missing the source information for the javascript routine.

Actually, it is not incorrect. I added it just like the instructions said from the source (Dynamic Drive). Mine works perfectly on my page the way I have it. The javascript source is in the inc_header page as per the instructions.

Regarding numbers, you can use any number gifs you want. Just overwrite the ones I included with your own.

Mangione Magic Forum - The Music of Chuck Mangione

My Mods: Googiespell MOD | Link To Reply MOD | Petition MOD | Contact Page MOD | Share This Topic MOD | MP3 MOD | PageEar MOD | Google Viewer MOD

Carefree
Advanced Member

Philippines
4207 Posts

Posted - 14 March 2009 : 18:51:23
quote:
Originally posted by HuwR

there really is no point in using scrollcode tags to display a single line of code. It is a lot easier to read if you just use a normal code tag



I have it encoded in a macro, I'll have to write a new one for this forum.

Etymon
Advanced Member

United States
2385 Posts

Posted - 14 March 2009 : 19:10:33
quote:
Originally posted by HuwR
I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.



Good spot, Huw. I didn't see that. I began wearing glasses last spring for the first time ever. I often kid myself by thinking I don't need them for reading the monitor!

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 15 March 2009 : 02:43:02
quote:
Originally posted by Etymon

quote:
Originally posted by HuwR
I'm pretty sure the numbers are supposed to be that way, it isn't a white background if you look closely, it is striped.



Good spot, Huw. I didn't see that. I began wearing glasses last spring for the first time ever. I often kid myself by thinking I don't need them for reading the monitor!



LOL, you are obviously getting old like me. I started when I could no longer hold my PDA far enough away to see it; now I can't even see anything on my PC without glasses, it is just a fuzzy blur. Oh the joys of getting older.

Etymon
Advanced Member

United States
2385 Posts

Posted - 15 March 2009 : 03:12:08
Doh!

Etymon
Advanced Member

United States
2385 Posts

Posted - 15 March 2009 : 04:55:28
Hey leatherlips,

Did you include password.asp in your MOD?

leatherlips
Senior Member

USA
1838 Posts

Posted - 15 March 2009 : 07:40:54
quote:
Originally posted by Etymon

Hey leatherlips,

Did you include password.asp in your MOD?

No. Do you have a suggestion?


Etymon
Advanced Member

United States
2385 Posts

Posted - 15 March 2009 : 13:38:37
Not really. Just was pointing out that the administrator's email address is exposed there as well. I'm not sure about Snitz 3.4.06, but since it is in Snitz 3.4.07, I am guessing the same code is in Snitz 3.4.06.

Snitz 3.4.07 - password.asp

Line 67:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.

Line 72:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.

Line 95:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.

Line 100:

If this problem persists, please contact the <a href=""mailto:" & strSender & """>Administrator</a> of the forums.

Edited by - Etymon on 15 March 2009 13:39:11