What's the obsession with -1' (1435 Views)
Senior Member
bobby131313
Posts: 1163
Pretty much any file on my site that uses a numeric querystring is attempted to load with a -1' value. Always China, Pakistan, Turkey, etc. Hack attempts?
Advanced Member
Carefree
Posts: 4224
Probably, but the default Snitz isn't vulnerable to that type of attack. Replacing numerical values (with the exception of "pop_profile.asp") with any negative numbers will simply redirect to "default.asp". To eliminate the error message report from "pop_profile.asp", you need to add 4 lines.
Code:

Search for the following lines (appx 141-143):

case "display" '## Display Profile

if strDBNTUserName = "" then

Between them, insert these:

If Request("id") > "" Then
    If Not IsNumeric(Request("id")) Then Response.Redirect "default.asp"
    If (IsNumeric(Request("id")) And Request("id") < 1) Then Response.Redirect "default.asp"
End If
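
An added example (not part of the original posts and not Snitz code): a Python triage script that applies the same rule as the snippet above, rejecting anything that is not a positive integer, to web-server log lines so the `-1'` probes can be grouped per client. The log lines are constructed, the parameter names other than `id` are assumptions, and the integer check is stricter than `IsNumeric`.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Assumption: query parameters the application expects to be positive integers.
# "id" is from the post; the other two names are placeholders for this example.
NUMERIC_PARAMS = {"id", "topic_id", "forum_id"}

# Constructed sample lines in IIS W3C layout (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-05 10:00:01 198.51.100.7 GET /pop_profile.asp mode=display&id=-1' 500
2024-01-05 10:00:02 198.51.100.7 GET /topic.asp TOPIC_ID=-1%27 302
2024-01-05 10:00:09 203.0.113.20 GET /topic.asp TOPIC_ID=4521 200
2024-01-05 10:01:30 192.0.2.44 GET /pop_profile.asp mode=display&id=17 200
2024-01-05 10:02:11 198.51.100.7 GET /forum.asp FORUM_ID=0 302
"""

POSITIVE_INT = re.compile(r"[1-9][0-9]{0,9}")  # 1 .. 9999999999, digits only
SIGNED_INT = re.compile(r"-?[0-9]+")

def classify(value):
    """Return None for an acceptable id, otherwise a short reason string."""
    if POSITIVE_INT.fullmatch(value):
        return None
    if "'" in value or '"' in value:
        return "quote"            # e.g. the -1' value described in the thread
    if SIGNED_INT.fullmatch(value):
        return "out-of-range"     # zero, negative, or too many digits
    return "non-numeric"

def scan(log_text):
    """Map client IP -> list of (path, param, decoded value, reason)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or line.startswith("#"):
            continue              # skip directives and malformed lines
        ip, path, query = fields[2], fields[4], fields[5]
        # parse_qsl percent-decodes, so -1%27 is seen as -1'
        for name, value in parse_qsl(query):
            if name.lower() in NUMERIC_PARAMS and value:
                reason = classify(value)
                if reason:
                    hits[ip].append((path, name, value, reason))
    return dict(hits)

if __name__ == "__main__":
    for ip, rows in scan(SAMPLE_LOG).items():
        print(ip, len(rows), rows)
```
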
Senior Member
bobby131313
Posts: 1163