|
#44295
03/18/2002 7:44 PM
|
Joined: Oct 2000
Posts: 743
Moderator / Code Fixer
|
Moderator / Code Fixer
Joined: Oct 2000
Posts: 743 |
Im going to work on developing a block for the use of javascript between img tags. With the exploit now becoming more widely known I think its time to write a fix. I know a fix is being developed for version 6.x boards but the version 5 users arent that lucky What Id like some help on is collecting word to filter in a msg post. Obviously things like : Javascript document.onload document.cokie Get cookie etc .... any others ??? Thanks
I can't afford a good signature editor
|
|
|
#44296
03/19/2002 2:08 AM
|
Joined: Dec 2000
Posts: 730
deutscher moderator / v5 specialist
|
deutscher moderator / v5 specialist
Joined: Dec 2000
Posts: 730 |
i use this filter for the IMG-Tag in my privatforums. in all other forums is no IMG allow: [code][/code]what happen when the user post [img ]somescript.js[/ img ]?
|
|
|
#44297
03/19/2002 2:15 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
(correct me if I'm wrong) 5.xx users don't have cookies except for private forums, so you don't have to be afraid. And private forums cookies == temporary, so just don't enter any thread in the same IE after you enter private forums.
|
|
|
#44298
03/19/2002 4:50 PM
|
Joined: Oct 2000
Posts: 743
Moderator / Code Fixer
|
Moderator / Code Fixer
Joined: Oct 2000
Posts: 743 |
Hi LK, I'll think you'll find 5.XX has cookies, Username and Password respectively. As it does store these fileds so when you post/reply they are automatically populated, therefore that information is coming from somewhere,has to be a cookie.
Cheers
I can't afford a good signature editor
|
|
|
#44299
03/20/2002 1:42 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
I should never enter this forum again
|
|
|
#44300
03/20/2002 4:54 PM
|
Joined: Oct 2000
Posts: 743
Moderator / Code Fixer
|
Moderator / Code Fixer
Joined: Oct 2000
Posts: 743 |
Nahh no need to be like that! We all make mistakes!
I can't afford a good signature editor
|
|
|
#44301
06/05/2002 3:43 PM
|
Joined: Nov 2000
Posts: 50
Member
|
Member
Joined: Nov 2000
Posts: 50 |
something new about this Chapter ? I got some attacks with IMG-Code on my Forum and searching for a hotfix
|
|
|
#44302
06/05/2002 6:28 PM
|
Joined: Oct 2000
Posts: 743
Moderator / Code Fixer
|
Moderator / Code Fixer
Joined: Oct 2000
Posts: 743 |
What version are you running, Ive only tested my fix on version 5.47d
I can post fix details here if you like.
Regards BassTeQ
I can't afford a good signature editor
|
|
|
#44303
06/08/2002 4:30 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
Bass, you can't fix it by adding many stuff to block list, it's much more complicated. You'll have to make sure img and url tags don't include ", don't begin with javascript, etc, without forgetting that "javascript" can be written with stuff
|
|
|
#44304
06/08/2002 5:46 PM
|
Joined: Dec 2000
Posts: 730
deutscher moderator / v5 specialist
|
deutscher moderator / v5 specialist
Joined: Dec 2000
Posts: 730 |
an other filter is: [/code]add the code before this code in "ubb_library.pl": [code] you can change the text This call of the UBB code [ IMG ] is not permitted... without problems...
|
|
|
#44305
06/11/2002 12:28 AM
|
Joined: Oct 2000
Posts: 743
Moderator / Code Fixer
|
Moderator / Code Fixer
Joined: Oct 2000
Posts: 743 |
Hi, if i test your example with this code below it doesnt seem to print the message that its Not permitted. [/code]If however I pass it a proper IMG path then all works ok
[code] Any ideas?
I can't afford a good signature editor
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 1,157
Joined: July 2001
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
|