[WebDNA] heads up - are your sandbox prefs broken? (If not, are you vulnerable to formvar hacks?)
This WebDNA talk-list message is from 2011
Hey guys,

You well remember the security hole when someone passes a get or post formvar named after a webdna wrapper tag.. well someone (or everyone) please help me confirm an issue that I am amazed that I seem to be the first one to discover, and which I am guessing is affecting more than just my 3 clients I have on one host (have not checked my other clients/hosts yet):

** Step 1.) Install (input and *save*) some version of the security patch code in your pre-parse script (if you have not already), like e.g. this one Donovan came up with (which is more compact and likely less CPU-intensive than the other one that was floating on this list before):

[formvariables name=text][redirect url=index.html][/formvariables]
[text]t_commands=|[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumber|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|return|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text]
[formvariables][showif [t_commands]^|[url][name][/url]|][redirect url=index.html][/showif][/formvariables]

** Step 2.) Now try to alter one of your sandbox preferences, and save them. You can even just leave every pref. set as it is... just save them.

If you experience what I seem to be experiencing.. then you find that instead of saving, you got redirected to wherever your patch (above) said to redirect when an 'illegal' formvar was passed. ?! The internal pref-saving sandbox form submits a form var named after a webdna tag??

I have not tried this on my webdna 7 local install yet.. nor on any version 6 install that does not use a sandbox.. but so far the issue is confirmed on one machine running webdna version 6, and on another machine running webdna version 6.2 - both using sandboxes.

IIRC the host I am lately working with told me that he tried it on his master webdna pref-saving form and the issue arises there too.. implying the issue is not only in sandboxes.

My first thought was just to confirm the issue with you all here. Please try it!

My second thought, as a workaround, was to set up a conditional in the pre-parse script that checks [thisurl] to see if we are in the sandbox admin area or not.. before applying our patch. My third thought is to look again if I can find the formvar in the pref-saving form which is actually causing the patch to fire a [redirect] (my first glance did not find it), and where.

Your thoughts?

-Govinda
Govinda
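An added illustration (Python, not code from the post or from WebDNA) that models Donovan's pre-parse filter and the [thisurl] workaround Govinda proposes, so the false positive on the prefs form can be reasoned about outside a WebDNA install. The admin path "/admin/prefs.tpl", the field name "platform" and the shortened tag list are constructed assumptions; the post does not identify the actual offending pref field.

```python
"""Model of the pre-parse formvar filter from the talk-list post (added example)."""
from urllib.parse import quote, urlparse

# Excerpt of the tag-name blocklist from the post; the real t_commands list is longer.
WEBDNA_TAGS = ("addfields", "date", "delete", "include", "password", "platform",
               "redirect", "shell", "sql", "thisurl", "url", "username")
T_COMMANDS = "|" + "|".join(WEBDNA_TAGS) + "|"


def is_tag_named(name):
    """Mirror of [showif [t_commands]^|[url][name][/url]|].

    The formvar name is URL-encoded (the [url] tag), wrapped in pipes and tested
    as a substring ('^' is WebDNA's contains) of the pipe-delimited list.
    Encoding the name first turns any '|' inside it into '%7C', so a crafted
    name cannot break the delimiters and match a partial entry.
    """
    if name == "text":  # the snippet's first line catches a formvar named "text" separately
        return True
    return "|" + quote(name, safe="") + "|" in T_COMMANDS


def preparse(path, formvars, admin_prefix=None):
    """Return "redirect" if the request would be bounced to index.html, else "allow".

    admin_prefix models the proposed workaround: skip the filter when [thisurl]
    lies in the sandbox admin area. Trade-off to keep in mind: every formvar
    posted to that area then goes through unfiltered.
    """
    if admin_prefix is not None and urlparse(path).path.startswith(admin_prefix):
        return "allow"
    if any(is_tag_named(n) for n in formvars):
        return "redirect"
    return "allow"


if __name__ == "__main__":
    # Constructed requests (admin path and field name are assumptions).
    print(preparse("/page.tpl", {"q": "x", "shell": "ls"}))            # redirect
    print(preparse("/admin/prefs.tpl", {"platform": "1"}))             # redirect: the reported breakage
    print(preparse("/admin/prefs.tpl", {"platform": "1"}, "/admin/"))  # allow: the workaround
```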