Re: [WebDNA] PCI Vulnerability testing
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 102396
interpreted = N
texte = This is a cryptographically signed message in MIME format.--------------ms090303000904010301050700Content-Type: text/plain; charset=UTF-8Content-Transfer-Encoding: quoted-printableYou are correct Willian NEVER trust user input.What I always do is simply remove any characters I don't recognize using grep. All user input is "cleaned" before taking any action on itwhatsoever.For [cart] values:[GetChars start=3D1&end=3D20][Grepsearch=3D[^0-9]&replace=3D][value][/Grep][/GetChars]For other text values:[GetChars start=3D1&end=3D100][Grep search=3D[^,-.%@_A-Za-z0-9=C3=9C=C3=BC=C3=84=C3=A4=C3=96=C3=B6]&replace=3D][value][/=Grep][/GetChars]MarcWilliam DeVaul wrote:> I have no idea about a server level fix. This goes to never trusting> user input. I thought it should always be surrounded by [raw] and> [url] to prevent this.>=20> What do others do?>=20> Bill>=20> On Mon, Apr 13, 2009 at 2:08 PM, Bob Minor
wrote:>> What are people doing for the following type of attacks?>>>> http://www.example.com/shoppingcart.tpl?cart=3D">>> This will exploit the reflected cross site scripting vulnerability sh=own>>> before, executing the javascript code stored on the attacker's web se=rver as>>> if it was originating from the victim web site, www.example.com.>>> A complete test will include instantiating a variable with several at=tack>>> vectors (Check Fuzz vectors appendix and Encoded injection appendix).=>>> Finally, analyzing answers can get complex. A simple way to do this i=s to>>> use code that pops up a dialog, as in our example. This typically ind=icates>>> that an attacker could execute arbitrary JavaScript of his choice in =the>>> visitors' browsers.> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> old archives: http://dev.webdna.us/TalkListArchive/> .>=20--=20-------------------------------------------Marc ThompsonSoftware EngineerOffice of Information TechnologyUniversity of Utah801.585.9264marc.thompson@utah.edu---------------------------------------------------------ms090303000904010301050700Content-Type: application/x-pkcs7-signature; name="smime.p7s"Content-Transfer-Encoding: base64Content-Disposition: attachment; filename="smime.p7s"Content-Description: S/MIME Cryptographic SignatureMIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIyTCCAr8wggIooAMCAQICEBsJjtdroK6bD6QFOjpu3bIwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA5MDIyMzE5MzkyNVoXDTEwMDIyMzE5MzkyNVowgYoxETAPBgNVBAQTCFRob21wc29uMQ0wCwYDVQQqEwRNYXJjMRYwFAYDVQQDEw1NYXJjIFRob21wc29uMScwJQYJKoZIhvcNAQkBFhhtdGhvbXBzb25AbWVkaWEudXRhaC5lZHUxJTAjBgkqhkiG9w0BCQEWFm1hcmMudGhvbXBzb25AdXRhaC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM59JRdQxO5rxD9dkmKAk/FobjsVKTA+u4e8lYfiMt3ZRIpBx5JX3h9h7j2JCZDPbB5s/jxg+DoL4oyL8nRZ5WI03nkWsizq4LzvPCudQjos5hflS+7sQNBUHJoUtQ+hX0vp4QmRs7qDlZ+zB3SgBz8YGOcQm1uDf++BS7wv89VFAgMBAAGjTTBLMDsGA1UdEQQ0MDKBGG10aG9tcHNvbkBtZWRpYS51dGFoLmVkdYEWbWFyYy50aG9tcHNvbkB1dGFoLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBAC8toPH9c2T1yBdVk/3XP3xeXtECE1Kin0w50pjBajicub5R6pz9jc+NhlpNPmcqVj3VVimTyFeFY97p3BrcjW3qPFp/KM5OabdIz4gLDT0aMzdjI0qo59DolQGSlPxRPU6RqMJRIJ0X75EhDhCgpDWy7UtVPInv5T4rAkLPskeBMIICvzCCAiigAwIBAgIQGwmO12ugrpsPpAU6Om7dsjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDkwMjIzMTkzOTI1WhcNMTAwMjIzMTkzOTI1WjCBijERMA8GA1UEBBMIVGhvbXBzb24xDTALBgNVBCoTBE1hcmMxFjAUBgNVBAMTDU1hcmMgVGhvbXBzb24xJzAlBgkqhkiG9w0BCQEWGG10aG9tcHNvbkBtZWRpYS51dGFoLmVkdTElMCMGCSqGSIb3DQEJARYWbWFyYy50aG9tcHNvbkB1dGFoLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzn0lF1DE7mvEP12SYoCT8WhuOxUpMD67h7yVh+Iy3dlEikHHklfeH2HuPYkJkM9sHmz+PGD4OgvijIvydFnlYjTeeRayLOrgvO88K51COizmF+VL7uxA0FQcmhS1D6FfS+nhCZGzuoOVn7MHdKAHPxgY5xCbW4N/74FLvC/z1UUCAwEAAaNNMEswOwYDVR0RBDQwMoEYbXRob21wc29uQG1lZGlhLnV0YWguZWR1gRZtYXJjLnRob21wc29uQHV0YWguZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEALy2g8f1zZPXIF1WT/dc/fF5e0QITUqKfTDnSmMFqOJy5vlHqnP2Nz42GWk0+ZypWPdVWKZPIV4Vj3uncGtyNbeo8Wn8ozk5pt0jPiAsNPRozN2MjSqjn0OiVAZKU/FE9TpGowlEgnRfvkSEOEKCkNbLtS1U8ie/lPisCQs+yR4EwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIC4zCCAt8CAQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEBsJjtdroK6bD6QFOjpu3bIwCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkwNDEzMTkwMzM4WjAjBgkqhkiG9w0BCQQxFgQUPvnGN+5Y2IjiD4GpIEa3m3YuqeswUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYUGCSsGAQQBgjcQBDF4MHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhAbCY7Xa6Cumw+kBTo6bt2yMIGHBgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhAbCY7Xa6Cumw+kBTo6bt2yMA0GCSqGSIb3DQEBAQUABIGAdicoOZxSFvEnsdkBk8r6bDRqjI+SJSSkYYuRoQsm8rQ9AjotB0X59+pDz8UaC1DkonM+u7PZ+NaKLOt9rOdXd01SkbG4gDaVcd+uMJxFawjlVpT6DUr8tllYm/Z+J3f9jxFMXelhF1rOZMTqSEXKOEmjXMjcPK2CWoco+kB/MD0AAAAAAAA=--------------ms090303000904010301050700--
Associated Messages, from the most recent to the oldest:
This is a cryptographically signed message in MIME format.--------------ms090303000904010301050700Content-Type: text/plain; charset=UTF-8Content-Transfer-Encoding: quoted-printableYou are correct Willian NEVER trust user input.What I always do is simply remove any characters I don't recognize using grep. All user input is "cleaned" before taking any action on itwhatsoever.For [cart] values:[GetChars start=3D1&end=3D20][Grepsearch=3D[^0-9]&replace=3D][value][/Grep][/GetChars]For other text values:[GetChars start=3D1&end=3D100][Grep search=3D[^,-.%@_A-Za-z0-9=C3=9C=C3=BC=C3=84=C3=A4=C3=96=C3=B6]&replace=3D][value][/=Grep][/GetChars]MarcWilliam DeVaul wrote:> I have no idea about a server level fix. This goes to never trusting> user input. I thought it should always be surrounded by [raw] and> [url] to prevent this.>=20> What do others do?>=20> Bill>=20> On Mon, Apr 13, 2009 at 2:08 PM, Bob Minor wrote:>> What are people doing for the following type of attacks?>>>> http://www.example.com/shoppingcart.tpl?cart=3D">>> This will exploit the reflected cross site scripting vulnerability sh=own>>> before, executing the javascript code stored on the attacker's web se=rver as>>> if it was originating from the victim web site, www.example.com.>>> A complete test will include instantiating a variable with several at=tack>>> vectors (Check Fuzz vectors appendix and Encoded injection appendix).=>>> Finally, analyzing answers can get complex. A simple way to do this i=s to>>> use code that pops up a dialog, as in our example. This typically ind=icates>>> that an attacker could execute arbitrary JavaScript of his choice in =the>>> visitors' browsers.> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> old archives: http://dev.webdna.us/TalkListArchive/> .>=20--=20-------------------------------------------Marc ThompsonSoftware EngineerOffice of Information TechnologyUniversity of Utah801.585.9264marc.thompson@utah.edu---------------------------------------------------------ms090303000904010301050700Content-Type: application/x-pkcs7-signature; name="smime.p7s"Content-Transfer-Encoding: base64Content-Disposition: attachment; filename="smime.p7s"Content-Description: S/MIME Cryptographic SignatureMIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIyTCCAr8wggIooAMCAQICEBsJjtdroK6bD6QFOjpu3bIwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA5MDIyMzE5MzkyNVoXDTEwMDIyMzE5MzkyNVowgYoxETAPBgNVBAQTCFRob21wc29uMQ0wCwYDVQQqEwRNYXJjMRYwFAYDVQQDEw1NYXJjIFRob21wc29uMScwJQYJKoZIhvcNAQkBFhhtdGhvbXBzb25AbWVkaWEudXRhaC5lZHUxJTAjBgkqhkiG9w0BCQEWFm1hcmMudGhvbXBzb25AdXRhaC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM59JRdQxO5rxD9dkmKAk/FobjsVKTA+u4e8lYfiMt3ZRIpBx5JX3h9h7j2JCZDPbB5s/jxg+DoL4oyL8nRZ5WI03nkWsizq4LzvPCudQjos5hflS+7sQNBUHJoUtQ+hX0vp4QmRs7qDlZ+zB3SgBz8YGOcQm1uDf++BS7wv89VFAgMBAAGjTTBLMDsGA1UdEQQ0MDKBGG10aG9tcHNvbkBtZWRpYS51dGFoLmVkdYEWbWFyYy50aG9tcHNvbkB1dGFoLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBAC8toPH9c2T1yBdVk/3XP3xeXtECE1Kin0w50pjBajicub5R6pz9jc+NhlpNPmcqVj3VVimTyFeFY97p3BrcjW3qPFp/KM5OabdIz4gLDT0aMzdjI0qo59DolQGSlPxRPU6RqMJRIJ0X75EhDhCgpDWy7UtVPInv5T4rAkLPskeBMIICvzCCAiigAwIBAgIQGwmO12ugrpsPpAU6Om7dsjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDkwMjIzMTkzOTI1WhcNMTAwMjIzMTkzOTI1WjCBijERMA8GA1UEBBMIVGhvbXBzb24xDTALBgNVBCoTBE1hcmMxFjAUBgNVBAMTDU1hcmMgVGhvbXBzb24xJzAlBgkqhkiG9w0BCQEWGG10aG9tcHNvbkBtZWRpYS51dGFoLmVkdTElMCMGCSqGSIb3DQEJARYWbWFyYy50aG9tcHNvbkB1dGFoLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzn0lF1DE7mvEP12SYoCT8WhuOxUpMD67h7yVh+Iy3dlEikHHklfeH2HuPYkJkM9sHmz+PGD4OgvijIvydFnlYjTeeRayLOrgvO88K51COizmF+VL7uxA0FQcmhS1D6FfS+nhCZGzuoOVn7MHdKAHPxgY5xCbW4N/74FLvC/z1UUCAwEAAaNNMEswOwYDVR0RBDQwMoEYbXRob21wc29uQG1lZGlhLnV0YWguZWR1gRZtYXJjLnRob21wc29uQHV0YWguZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEALy2g8f1zZPXIF1WT/dc/fF5e0QITUqKfTDnSmMFqOJy5vlHqnP2Nz42GWk0+ZypWPdVWKZPIV4Vj3uncGtyNbeo8Wn8ozk5pt0jPiAsNPRozN2MjSqjn0OiVAZKU/FE9TpGowlEgnRfvkSEOEKCkNbLtS1U8ie/lPisCQs+yR4EwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIC4zCCAt8CAQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEBsJjtdroK6bD6QFOjpu3bIwCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkwNDEzMTkwMzM4WjAjBgkqhkiG9w0BCQQxFgQUPvnGN+5Y2IjiD4GpIEa3m3YuqeswUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYUGCSsGAQQBgjcQBDF4MHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhAbCY7Xa6Cumw+kBTo6bt2yMIGHBgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhAbCY7Xa6Cumw+kBTo6bt2yMA0GCSqGSIb3DQEBAQUABIGAdicoOZxSFvEnsdkBk8r6bDRqjI+SJSSkYYuRoQsm8rQ9AjotB0X59+pDz8UaC1DkonM+u7PZ+NaKLOt9rOdXd01SkbG4gDaVcd+uMJxFawjlVpT6DUr8tllYm/Z+J3f9jxFMXelhF1rOZMTqSEXKOEmjXMjcPK2CWoco+kB/MD0AAAAAAAA=--------------ms090303000904010301050700--
Marc Thompson
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Location of Browser Info.txt file (1997)
Sendmail html/text problem (2003)
WebCat2b13MacPlugIn - [showif][search][/showif] (1997)
Return records from another (1997)
TCPConnect / Current Temperature (2004)
File upload woes (1998)
[WAY OFF TOPIC] anybody live in Kansas? (2003)
PARAMETER vs. OPERATOR (was The BUG is BACK ...) (1998)
searching multiple databases in single search (1997)
Summing a field full of numbers ... (1997)
Authenticate Questions (2003)
Help! WebCat2 bug (1997)
For those of you not on the WebCatalog Beta... (1997)
Accessing Server Environment Variables (2003)
RED QUESTION MARK (1999)
[WebDNA] WebDNA 7 (2011)
Security Issue (1997)
WebCat2 Append problem (B14Macacgi) (1997)
sendmail for email (was Netforms) (1998)
Sku numbers (1997)