[BULK] Re: [WebDNA] Are your sandbox prefs broken? (If not, are you vulnerable to formvar hacks?)
This WebDNA talk-list message is from 2011
numero = 107355
> You well remember the security hole when someone passes a GET or POST formvar named after a WebDNA wrapper tag... well someone (or everyone) please help me confirm an issue that I am amazed that I seem to be the first one to discover
> [snip]

Donovan graciously pointed out to me the obvious:

"Just don't include the code in your preparse script, or hide it from your prefs (as they are password protected anyway)"

I guess I was just excited because it struck me really odd that WebDNA's own internal form (apparently) passed a formvar named the same as a reserved word (tag).

Anyway, here is my current (most lazy) patch on the patch: (that [text] var assignment is all on one line.)

[hideif [url][thisurl][/url]^[url]cgi-bin/WebCatalogEngine[/url]][!]
  skip the check on WebDNA's own engine URL, whose internal form passes a formvar named after a tag
[/!][formvariables name=text][redirect url=index.html][/formvariables][!]
  any other request carrying a formvar named "text" is bounced
[/!][text]t_commands=|[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumber|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|return|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text][!]
  pipe-delimited list of reserved tag names, one per entry; the posted list had "lastautonumner" (read here as "lastautonumber") and a few duplicate entries, now removed
[/!][formvariables][!]
  bounce the request if any GET or POST formvar name appears in the list
[/!][showif [t_commands]^|[url][name][/url]|][!]
[/!][redirect url=index.html][!]
[/!][/showif][!]
[/!][/formvariables][!]
[/!][/hideif]

-G
Govinda
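The check the post implements in a WebDNA preparse script, as an added example in Python (this is not code from the original post, and not WebDNA or WebDNA's own code): a WSGI middleware that bounces any request carrying a GET or POST form variable whose name matches a WebDNA tag name, exempting the engine's own URL the way the post does. The tag names are the post's t_commands list (deduplicated, "lastautonumner" read as "lastautonumber", plus "text", which the post checks separately). The exempt path `/cgi-bin/WebCatalogEngine`, the redirect target `/index.html`, the demo application and the constructed sample requests are assumptions.

```python
"""Added example, not code from the original post and not WebDNA: the
post's preparse check rewritten as a Python WSGI middleware.

A request is bounced with a redirect if any GET or POST form variable
is *named* after a WebDNA tag, and the engine's own URL is exempted as
in the post. Tag names come from the post's t_commands list. The exempt
path, redirect target, demo app and sample requests are assumptions.
"""
import io
from urllib.parse import parse_qsl

# Tag names from the post's t_commands list, deduplicated, with
# "lastautonumner" read as "lastautonumber"; "text" (which the post
# checks separately) added. "!" is the WebDNA comment tag.
RESERVED_TAGS = frozenset("""
! text addfields addlineitem append appendfile applescript arrayget arrayset
authenticate boldwords browsername calcfilecrc32 capitalize cart case
clearlineitems closedatabase command commitdatabase convertchars convertwords
copyfile copyfolder countchars countwords createfolder date ddeconnect ddesend
decrypt delete deletefile deletefolder dos elapsedtime else encrypt
exclusivelock filecompare fileinfo findstring flushcache flushdatabases format
formvariables founditems freememory function getchars getcookie getmimeheader
grep hideif html1 html2 html3 httpmethod if include input interpret ipaddress
issecureclient lastautonumber lastrandom lineitems listchars listcookies
listdatabases listfields listfiles listmimeheaders listpath listvariables
listwords lookup loop lowercase math middle movefile object orderfile password
platform product protect purchase random raw redirect referrer removehtml
removelineitem replace replacefounditems return returnraw scope search
sendmail setcookie setheader setlineitem setmimeheader shell showif shownext
spawn sql sqlconnect sqldisconnect sqlexecute sqlinfo sqlrelease sqlresult
switch table tcpconnect tcpsend then thisurl time unurl uppercase url username
validcard version waitforfile writefile xmlnode xmlnodes xmlnodesattributes
xmlparse xsl xslt
""".split())

EXEMPT_PATH = "/cgi-bin/WebCatalogEngine"  # assumption: the engine URL the post exempts
REDIRECT_TO = "/index.html"                # assumption: the post's redirect target
FORM_CT = "application/x-www-form-urlencoded"


def reserved_names(query_string, body, content_type):
    """Names of form variables (query string plus urlencoded body) that
    collide with a WebDNA tag. parse_qsl percent-decodes the names, and
    WebDNA tag names are case-insensitive, so the comparison is made on
    the decoded, lower-cased name."""
    names = [n for n, _ in parse_qsl(query_string or "", keep_blank_values=True)]
    if content_type.split(";")[0].strip().lower() == FORM_CT:
        names += [n for n, _ in parse_qsl(body or "", keep_blank_values=True)]
    return sorted({n for n in names if n.strip().lower() in RESERVED_TAGS})


class RejectReservedFormvars:
    """WSGI middleware: 302 to REDIRECT_TO when a reserved name is present."""

    def __init__(self, app, exempt_path=EXEMPT_PATH, redirect_to=REDIRECT_TO):
        self.app, self.exempt_path, self.redirect_to = app, exempt_path, redirect_to

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "").startswith(self.exempt_path):
            return self.app(environ, start_response)
        body = b""
        if environ.get("REQUEST_METHOD") == "POST":
            length = int(environ.get("CONTENT_LENGTH") or 0)
            body = environ["wsgi.input"].read(length)
        hits = reserved_names(environ.get("QUERY_STRING", ""),
                              body.decode("latin-1"), environ.get("CONTENT_TYPE", ""))
        if hits:
            start_response("302 Found", [("Location", self.redirect_to),
                                         ("Content-Type", "text/plain")])
            return [("rejected formvar(s): " + ", ".join(hits)).encode()]
        environ["wsgi.input"] = io.BytesIO(body)  # hand the consumed body back to the app
        return self.app(environ, start_response)


def _demo_app(environ, start_response):
    """Stand-in for the WebDNA page that would otherwise run (assumption)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def check_request(method, path, query, body, content_type):
    """Run one constructed request through the middleware; returns
    (status, headers dict, response body)."""
    raw = body.encode("latin-1")
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "CONTENT_TYPE": content_type, "CONTENT_LENGTH": str(len(raw)),
               "wsgi.input": io.BytesIO(raw)}
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    out = b"".join(RejectReservedFormvars(_demo_app)(environ, start_response))
    return seen["status"], seen["headers"], out


if __name__ == "__main__":
    # Constructed sample requests: a GET naming "SQL", a POST naming
    # "include", and the exempted engine URL posting "text".
    for req in [("GET", "/page.tpl", "name=bob&SQL=1", "", ""),
                ("POST", "/page.tpl", "", "include=../x", FORM_CT),
                ("GET", EXEMPT_PATH, "text=hello", "", "")]:
        print(req[0], req[1], "->", check_request(*req)[0])
```

Two details matter for this kind of denylist: the comparison has to run on the decoded, case-folded name (so `SQL=1` and `%74ext=1` are caught as readily as `sql=1` and `text=1`), and the list itself has to be kept in step with the engine, since any tag added later is unprotected until it is appended here.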