Snitz Forums 2000
 What's the obsession with -1'

bobby131313
Senior Member

USA
1163 Posts

Posted - 16 February 2015 :  15:58:49
Pretty much any file on my site that uses a numeric querystring is attempted to load with a -1' value. Always China, Pakistan, Turkey, etc. Hack attempts?

Switch the order of your title tags

Carefree
Advanced Member

Philippines
4207 Posts

Posted - 18 February 2015 :  01:18:49
Probably, but the default Snitz isn't vulnerable to that type of attack. Replacing numerical values (with the exception of "pop_profile.asp") with any negative numbers will simply redirect to "default.asp". To eliminate the error message report from "pop_profile.asp", you need to add 4 lines.


Search for the following lines (appx 141-143):

	case "display" '## Display Profile

		if strDBNTUserName = "" then

Between them, insert these:


		' If an id was supplied, send non-numeric or non-positive values to default.asp
		If Request("id") > "" Then
			If Not IsNumeric(Request("id")) Then Response.Redirect "default.asp"
			If (IsNumeric(Request("id")) And Request("id") < 1) Then Response.Redirect "default.asp"
		End If


Edited by - Carefree on 18 February 2015 01:21:39
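
A stricter variant of the same id check, as an added example that is not part of the original post and not Snitz code: IsNumeric also accepts forms such as "1.5" and "1e3", so this version allows digits only and hands back a typed Long. The helper name ParsePositiveId and the sample values are assumptions made for illustration; the block runs stand-alone under cscript, and the ASP usage is shown in comments.

```vbscript
' Added example, not Snitz code. ParsePositiveId is a hypothetical helper.
' Returns the id as a Long, or 0 when the value is not a plain positive integer.
Function ParsePositiveId(ByVal raw)
    Dim re, text
    ParsePositiveId = 0
    If IsNull(raw) Then Exit Function
    text = CStr(raw)                  ' Empty becomes "", which fails the pattern
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"       ' digits only; at most 9 so CLng cannot overflow
    If re.Test(text) Then ParsePositiveId = CLng(text)
End Function

' Assumed usage in an ASP page:
'   Dim lngId
'   lngId = ParsePositiveId(Request("id"))
'   If lngId = 0 Then Response.Redirect "default.asp"
'   ... from here on use lngId, never the raw string, when building the query

' Constructed sample inputs, including the "-1'" probe described in this thread.
Dim samples, s
samples = Array("42", "-1'", "-1", "1.5", "1e3", "&H1F", "0", "")
For Each s In samples
    WScript.Echo "[" & s & "]  IsNumeric=" & IsNumeric(s) & _
                 "  ParsePositiveId=" & ParsePositiveId(s)
Next
```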

bobby131313
Senior Member

USA
1163 Posts

Posted - 18 February 2015 :  20:08:48
Thanks Carefree.

Switch the order of your title tags
Snitz Forums 2000 © 2000-2021 Snitz™ Communications
This page was generated in 0.16 seconds. Powered By: Snitz Forums 2000 Version 3.4.07