What's the obsession with -1' - Snitz™ Forums 2000

The Forum has been Updated

The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.

What's the obsession with -1' - Posted 16 Feb 2015 15:58 (1434 Views)

bobby131313

Senior Member

Posts: 1163

1163

Pretty much any file on my site that uses a numeric querystring is attempted to load with a -1' value. Always China, Pakistan, Turkey, etc. Hack attempts?

Switch the order of your title tags

Posted 18 Feb 2015 01:18

Carefree

Advanced Member

Posts: 4224

4224

Probably, but the default Snitz isn't vulnerable to that type of attack. Replacing numerical values (with the exception of "pop_profile.asp") with any negative numbers will simply redirect to "default.asp". To eliminate the error message report from "pop_profile.asp", you need to add 4 lines.

Code:


Search for the following lines (appx 141-143):

	case "display" '## Display Profile

		if strDBNTUserName = "" then

Between them, insert these:


		If Request("id") > "" Then
			If Not IsNumeric(Request("id")) Then Response.Redirect "default.asp"
			If (IsNumeric(Request("id")) And Request("id") < 1) Then Response.Redirect "default.asp"
		End If

Last edited by Carefree on 18 February 2015, 01:21

Posted 18 Feb 2015 20:08

bobby131313

Senior Member

Posts: 1163

1163

Thanks Carefree.

Switch the order of your title tags