[BULK] Re: [WebDNA] Are your sandbox prefs broken? (If not, are you vulnerable to formvar hacks?)

This WebDNA talk-list message is from 2011 (message number 107355).
> You well remember the security hole when someone passes a get or post formvar named after a webdna wrapper tag.. well someone (or everyone) please help me confirm an issue that I am amazed that I seem to be the first one to discover
> [snip]

Donovan graciously pointed out to me the obvious: "Just don't include the code in your preparse script, or hide it from your prefs (as they are password protected anyway)"

I guess I was just excited because it struck me really odd that webdna's own internal form (apparently) passed a formvar named the same as a reserved word (tag).

Anyway, here is my current (most lazy) patch on the patch: (that [text] var assignment is all on one line.)

[hideif [URL][thisurl][/URL]^[URL]cgi-bin/WebCatalogEngine[/URL]][!] skip the whole check when the request is for WebDNA's own engine URL
[/!][formvariables name=text][redirect url=index.html][/formvariables][!] "text" is itself a tag, so test for it before the [text] assignment below
[/!][text]t_commands=|[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumber|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|return|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text][!]
[/!][formvariables][!] redirect if any submitted variable name, URL-encoded, appears between pipes in the list
[/!][showif [t_commands]^|[url][name][/url]|][!]
[/!][redirect url=index.html][!]
[/!][/showif][!]
[/!][/formvariables][!]
[/!][/hideif]

-G

Associated Messages, from the most recent to the oldest:

    
> You well remember the security hole when someone passes a get or post = formvar named after a webdna wrapper tag.. well someone (or everyone) = please help me confirm an issue that I am amazed that I seem to be the = first one to discover > [snip] Donovan graciously pointed out to me the obvious: "Just don't include the code in your preparse script, or hide it from = your prefs (as they are password protected anyway)" I guess I was just excited because it struck me really odd that webdna's = own internal form (apparently) passed a formvar named the same as a = reserved word (tag). Anyway, here is my current (most lazy) patch on the patch: (that [text] = var assignment is all on one line.) [hideif [url][thisurl][/URL]^[url]cgi-bin/WebCatalogEngine[/URL]][!] [/!][formvariables name=3Dtext][redirect = url=3Dindex.html][/formvariables][!] = [/!][text]t_commands=3D|[url]![/url]|addfields|addlineitem|append|appendfi= le|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfi= lecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitda= tabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords= |createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefold= er|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstr= ing|flushcache|flushdatabases|format|format|formvariables|founditems|freem= emory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|ht= ml3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastaut= onumner|lastrandom|lineitems|listchars|listcookies|listdatabases|listfield= s|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup= |loop|lowercase|math|middle|movefile|object|orderfile|password|platform|pr= oduct|protect|purchase|random|raw|redirect|referrer|removehtml|removelinei= tem|replace|replacefounditems|return|returnraw|scope|search|sendmail|setco= okie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|s= 
ql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch= |table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|v= alidcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes= |xmlparse|xsl|xslt|[/text][!] [/!][formvariables][!] [/!][showif [t_commands]^|[url][name][/url]|][!] [/!][redirect url=3Dindex.html][!] [/!][/showif][!] [/!][/formvariables][!] [/!][/hideif] -G= Govinda
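The same check as the preparse block posted above, written in Python so it can be run against sample requests. This is an added example, not the list author's code and not part of WebDNA: `RESERVED_TAGS` is the post's t_commands list with `text` added (the post tests for it separately, with [formvariables name=text], because the list itself is stored in a [text] variable) and the misspelt `lastautonumner` written as the tag name, `lastautonumber`; the function names, the `preparse` return values and the sample query strings are assumptions constructed for the demonstration. Set membership replaces the post's pipe-delimited substring match, so a variable name has nothing to interact with at the delimiters, and the comparison is case-folded so mixed-case spellings of a tag name are caught as well.

```python
"""Reject HTTP form variables whose names collide with WebDNA tag names.

Added example, not code from the list post or from WebDNA itself. The
reserved-name list is taken from the posted [text] assignment; the function
names and the sample query strings are constructed for this demonstration.
"""
from urllib.parse import parse_qsl

# Tag names from the post's t_commands list. "!" is the [!]...[/!] comment
# tag (the post lists it wrapped in [url]); "text" is added here because the
# post checks it with a separate [formvariables name=text] test.
RESERVED_TAGS = frozenset("""
! addfields addlineitem append appendfile applescript arrayget arrayset
authenticate boldwords browsername calcfilecrc32 capitalize cart case
clearlineitems closedatabase command commitdatabase convertchars convertwords
copyfile copyfolder countchars countwords createfolder date ddeconnect ddesend
decrypt delete deletefile deletefolder dos elapsedtime else encrypt
exclusivelock filecompare fileinfo findstring flushcache flushdatabases format
formvariables founditems freememory function getchars getcookie getmimeheader
grep hideif html1 html2 html3 httpmethod if include input interpret ipaddress
issecureclient lastautonumber lastrandom lineitems listchars listcookies
listdatabases listfields listfiles listmimeheaders listpath listvariables
listwords lookup loop lowercase math middle movefile object orderfile password
platform product protect purchase random raw redirect referrer removehtml
removelineitem replace replacefounditems return returnraw scope search
sendmail setcookie setheader setlineitem setmimeheader shell showif shownext
spawn sql sqlconnect sqldisconnect sqlexecute sqlinfo sqlrelease sqlresult
switch table tcpconnect tcpsend text then thisurl time unurl uppercase url
username validcard version waitforfile writefile xmlnode xmlnodes
xmlnodesattributes xmlparse xsl xslt
""".split())


def is_reserved(name: str) -> bool:
    """Case-insensitive test: WebDNA tags are commonly written in mixed case
    ([HideIf], [ShowIf]), so an exact-case comparison would be easy to
    sidestep."""
    return name.strip().lower() in RESERVED_TAGS


def offending_formvars(query_string: str) -> list[str]:
    """Names in a GET query string or urlencoded POST body that collide
    with a tag name, in submission order, without duplicates.

    keep_blank_values=True matters: "hideif=" with an empty value still
    defines a form variable named hideif."""
    seen: list[str] = []
    for name, _value in parse_qsl(query_string, keep_blank_values=True):
        if is_reserved(name) and name not in seen:
            seen.append(name)
    return seen


def preparse(query_string: str, this_url: str) -> str:
    """The decision the posted preparse block makes: pass requests for
    WebDNA's own engine URL through untouched (the post's outer [hideif]),
    otherwise redirect when any form variable name is reserved.
    Return values are an assumption for this example."""
    if "cgi-bin/WebCatalogEngine" in this_url:
        return "pass"
    if offending_formvars(query_string):
        return "redirect:index.html"
    return "pass"


# Constructed sample requests, one per case worth checking.
SAMPLES = {
    "benign": "name=Alice&qty=2&sku=ABC-123",
    "tag_collision": "name=Alice&hideif=1&Redirect=http%3A%2F%2Fexample.test",
    "blank_value": "ShowIf=",
    "pipe_in_name": "a%7Chideif=1",   # the name is "a|hideif", not a tag
}

if __name__ == "__main__":
    for label, qs in SAMPLES.items():
        print(f"{label:14} {offending_formvars(qs)!r:24} -> {preparse(qs, '/index.tpl')}")
```

Run it directly to see each sample classified. Like the post's list, this is a denylist of tag names, so a tag that the installed WebDNA version knows and the list does not passes through unchecked; the list has to be kept in step with the engine in use.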
