This exploit was discovered a few years back, but I thought it was fixed, o=r a fix was announced or something. I forget.
Terry--Hi,
I am running V6.2 on CentOS 5.8 and have found instances where WebDNA code =displays on a page if certain WebDNA tags are in the URL.
I thought it was something I was doing but this appears to happen on the www.webdna.us site as =well.
http://=www.webdna.us/page.dna?text=3D
takes you to a page that shows only webdna code
http://www.webdna.us/page.dna?numero=3D56&text=3Dadds a line of text above the navigation row in the red background (need to= mouse over to see it - text is same color as red background)
I first experienced this with =A0 !=3D =A0and fixed it by putting a Rewrite=Rule in an .htaccess file in the site's root folder
Today I tried a few other tags and found others. I haven't checked all =the tags just a handful.
text=3D
math=3D
format=3D
Anyone else experience this, have a fix or suggestion?
Thanks,
Steve
---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <ta=lk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: suppo=rt@webdna.us
Terry Wilson | terr=y@terryfic.com | http=://terryfic.com
http://WhosComing.com=a> - a simplified, affordable online reservation system
iStockPhoto portfolio - http://www.istockphoto.com/Terr=yfic3D?refnum=3DTerryfic3D
-------------------------------------------------------------=-------------
Attitude is the only difference between ordeal and adventure.=
---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <ta=lk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: suppo=rt@webdna.us
This exploit was discovered a few years back, but I thought it was fixed, o=r a fix was announced or something. I forget.
Terry--Hi,
I am running V6.2 on CentOS 5.8 and have found instances where WebDNA code =displays on a page if certain WebDNA tags are in the URL.
I thought it was something I was doing but this appears to happen on the www.webdna.us site as =well.
http://=www.webdna.us/page.dna?text=3D
takes you to a page that shows only webdna code
http://www.webdna.us/page.dna?numero=3D56&text=3Dadds a line of text above the navigation row in the red background (need to= mouse over to see it - text is same color as red background)
I first experienced this with =A0 !=3D =A0and fixed it by putting a Rewrite=Rule in an .htaccess file in the site's root folder
Today I tried a few other tags and found others. I haven't checked all =the tags just a handful.
text=3D
math=3D
format=3D
Anyone else experience this, have a fix or suggestion?
Thanks,
Steve
---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <ta=lk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: suppo=rt@webdna.us
Terry Wilson | terr=y@terryfic.com | http=://terryfic.com
http://WhosComing.com=a> - a simplified, affordable online reservation system
iStockPhoto portfolio - http://www.istockphoto.com/Terr=yfic3D?refnum=3DTerryfic3D
-------------------------------------------------------------=-------------
Attitude is the only difference between ordeal and adventure.=
---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <ta=lk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: suppo=rt@webdna.us
DOWNLOAD WEBDNA NOW!
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...