Re: [WebDNA] WebDNA code displaying on page

This WebDNA talk-list message is from

2012

It keeps the original formatting. numero = 110004
interpreted = N
texte = This is a multi-part message in MIME format.--------------040502050104030208010103Content-Type: text/plain; charset=ISO-8859-1; format=flowedContent-Transfer-Encoding: 7bitHi Dan,Thanks for the code. Is this the exact code you are using? I pasted it into the top of a template and am getting this at the top of the page:Error: Error: expected [/FUNCTIONSPACE], but found [/!] instead[/!]Thanks,SteveDaniel Meola wrote:> You include this at the top of all pages:>>> [/!][!]Prevent tag hacking[/!][!]> [/!][!]--- START: to plug up the security hole of when URL hacker > passes a webdna context name as a formvar---[/!][!]> [/!][formvariables name=!][redirect /][/formvariables][!]> [/!][formvariables name=addfields][redirect /][/formvariables][!]> [/!][formvariables name=addlineitem][redirect /][/formvariables][!]> [/!][formvariables name=append][redirect /][/formvariables][!]> [/!][formvariables name=appendfile][redirect /][/formvariables][!]> [/!][formvariables name=applescript][redirect /][/formvariables][!]> [/!][formvariables name=arrayget][redirect /][/formvariables][!]> [/!][formvariables name=arrayset][redirect /][/formvariables][!]> [/!][formvariables name=authenticate][redirect /][/formvariables][!]> [/!][formvariables name=boldwords][redirect /][/formvariables][!]> [/!][formvariables name=browsername][redirect /][/formvariables][!]> [/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!]> [/!][formvariables name=capitalize][redirect /][/formvariables][!]> [/!][formvariables name=case][redirect /][/formvariables][!]> [/!][formvariables name=clearlineitems][redirect /][/formvariables][!]> [/!][formvariables name=closedatabase][redirect /][/formvariables][!]> [/!][formvariables name=command][redirect /][/formvariables][!]> [/!][formvariables name=commitdatabase][redirect /][/formvariables][!]> [/!][formvariables name=convertchars][redirect /][/formvariables][!]> [/!][formvariables name=convertwords][redirect /][/formvariables][!]> [/!][formvariables name=copyfile][redirect /][/formvariables][!]> [/!][formvariables name=copyfolder][redirect /][/formvariables][!]> [/!][formvariables name=countchars][redirect /][/formvariables][!]> [/!][formvariables name=countwords][redirect /][/formvariables][!]> [/!][formvariables name=createfolder][redirect /][/formvariables][!]> [/!][formvariables name=date][redirect /][/formvariables][!]> [/!][formvariables name=ddeconnect][redirect /][/formvariables][!]> [/!][formvariables name=ddesend][redirect /][/formvariables][!]> [/!][formvariables name=decrypt][redirect /][/formvariables][!]> [/!][formvariables name=delete][redirect /][/formvariables][!]> [/!][formvariables name=deletefile][redirect /][/formvariables][!]> [/!][formvariables name=deletefolder][redirect /][/formvariables][!]> [/!][formvariables name=dos][redirect /][/formvariables][!]> [/!][formvariables name=elapsedtime][redirect /][/formvariables][!]> [/!][formvariables name=else][redirect /][/formvariables][!]> [/!][formvariables name=encrypt][redirect /][/formvariables][!]> [/!][formvariables name=exclusivelock][redirect /][/formvariables][!]> [/!][formvariables name=filecompare][redirect /][/formvariables][!]> [/!][formvariables name=fileinfo][redirect /][/formvariables][!]> [/!][formvariables name=findstring][redirect /][/formvariables][!]> [/!][formvariables name=flushcache][redirect /][/formvariables][!]> [/!][formvariables name=flushdatabases][redirect /][/formvariables][!]> [/!][formvariables name=format][redirect /][/formvariables][!]> [/!][formvariables name=format][redirect /][/formvariables][!]> [/!][formvariables name=formvariables][redirect /][/formvariables][!]> [/!][formvariables name=founditems][redirect /][/formvariables][!]> [/!][formvariables name=freememory][redirect /][/formvariables][!]> [/!][formvariables name=function][redirect /][/formvariables][!]> [/!][formvariables name=getchars][redirect /][/formvariables][!]> [/!][formvariables name=getcookie][redirect /][/formvariables][!]> [/!][formvariables name=getmimeheader][redirect /][/formvariables][!]> [/!][formvariables name=grep][redirect /][/formvariables][!]> [/!][formvariables name=hideif][redirect /][/formvariables][!]> [/!][formvariables name=html1][redirect /][/formvariables][!]> [/!][formvariables name=html2][redirect /][/formvariables][!]> [/!][formvariables name=html3][redirect /][/formvariables][!]> [/!][formvariables name=httpmethod][redirect /][/formvariables][!]> [/!][formvariables name=if][redirect /][/formvariables][!]> [/!][formvariables name=include][redirect /][/formvariables][!]> [/!][formvariables name=input][redirect /][/formvariables][!]> [/!][formvariables name=interpret][redirect /][/formvariables][!]> [/!][formvariables name=ipaddress][redirect /][/formvariables][!]> [/!][formvariables name=issecureclient][redirect /][/formvariables][!]> [/!][formvariables name=lastautonumner][redirect /][/formvariables][!]> [/!][formvariables name=lastrandom][redirect /][/formvariables][!]> [/!][formvariables name=lineitems][redirect /][/formvariables][!]> [/!][formvariables name=listchars][redirect /][/formvariables][!]> [/!][formvariables name=listcookies][redirect /][/formvariables][!]> [/!][formvariables name=listdatabases][redirect /][/formvariables][!]> [/!][formvariables name=listfields][redirect /][/formvariables][!]> [/!][formvariables name=listfiles][redirect /][/formvariables][!]> [/!][formvariables name=listmimeheaders][redirect /][/formvariables][!]> [/!][formvariables name=listpath][redirect /][/formvariables][!]> [/!][formvariables name=listvariables][redirect /][/formvariables][!]> [/!][formvariables name=listwords][redirect /][/formvariables][!]> [/!][formvariables name=lookup][redirect /][/formvariables][!]> [/!][formvariables name=lookup][redirect /][/formvariables][!]> [/!][formvariables name=loop][redirect /][/formvariables][!]> [/!][formvariables name=lowercase][redirect /][/formvariables][!]> [/!][formvariables name=math][redirect /][/formvariables][!]> [/!][formvariables name=middle][redirect /][/formvariables][!]> [/!][formvariables name=movefile][redirect /][/formvariables][!]> [/!][formvariables name=object][redirect /][/formvariables][!]> [/!][formvariables name=orderfile][redirect /][/formvariables][!]> [/!][formvariables name=password][redirect /][/formvariables][!]> [/!][formvariables name=platform][redirect /][/formvariables][!]> [/!][formvariables name=product][redirect /][/formvariables][!]> [/!][formvariables name=protect][redirect /][/formvariables][!]> [/!][formvariables name=purchase][redirect /][/formvariables][!]> [/!][formvariables name=random][redirect /][/formvariables][!]> [/!][formvariables name=raw][redirect /][/formvariables][!]> [/!][formvariables name=redirect][redirect /][/formvariables][!]> [/!][formvariables name=referrer][redirect /][/formvariables][!]> [/!][formvariables name=removehtml][redirect /][/formvariables][!]> [/!][formvariables name=removelineitem][redirect /][/formvariables][!]> [/!][formvariables name=replace][redirect /][/formvariables][!]> [/!][formvariables name=replacefounditems][redirect /][/formvariables][!]> [/!][formvariables name=return][redirect /][/formvariables][!]> [/!][formvariables name=returnraw][redirect /][/formvariables][!]> [/!][formvariables name=scope][redirect /][/formvariables][!]> [/!][formvariables name=search][redirect /][/formvariables][!]> [/!][formvariables name=sendmail][redirect /][/formvariables][!]> [/!][formvariables name=setcookie][redirect /][/formvariables][!]> [/!][formvariables name=setheader][redirect /][/formvariables][!]> [/!][formvariables name=setlineitem][redirect /][/formvariables][!]> [/!][formvariables name=setmimeheader][redirect /][/formvariables][!]> [/!][formvariables name=shell][redirect /][/formvariables][!]> [/!][formvariables name=showif][redirect /][/formvariables][!]> [/!][formvariables name=shownext][redirect /][/formvariables][!]> [/!][formvariables name=spawn][redirect /][/formvariables][!]> [/!][formvariables name=sql][redirect /][/formvariables][!]> [/!][formvariables name=sql][redirect /][/formvariables][!]> [/!][formvariables name=sqlconnect][redirect /][/formvariables][!]> [/!][formvariables name=sqldisconnect][redirect /][/formvariables][!]> [/!][formvariables name=sqlexecute][redirect /][/formvariables][!]> [/!][formvariables name=sqlinfo][redirect /][/formvariables][!]> [/!][formvariables name=sqlrelease][redirect /][/formvariables][!]> [/!][formvariables name=sqlresult][redirect /][/formvariables][!]> [/!][formvariables name=switch][redirect /][/formvariables][!]> [/!][formvariables name=table][redirect /][/formvariables][!]> [/!][formvariables name=tcpconnect][redirect /][/formvariables][!]> [/!][formvariables name=tcpsend][redirect /][/formvariables][!]> [/!][formvariables name=text][redirect /][/formvariables][!]> [/!][formvariables name=then][redirect /][/formvariables][!]> [/!][formvariables name=thisurl][redirect /][/formvariables][!]> [/!][formvariables name=time][redirect /][/formvariables][!]> [/!][formvariables name=unurl][redirect /][/formvariables][!]> [/!][formvariables name=uppercase][redirect /][/formvariables][!]> [/!][formvariables name=url][redirect /][/formvariables][!]> [/!][formvariables name=username][redirect /][/formvariables][!]> [/!][formvariables name=validcard][redirect /][/formvariables][!]> [/!][formvariables name=version][redirect /][/formvariables][!]> [/!][formvariables name=version][redirect /][/formvariables][!]> [/!][formvariables name=waitforfile][redirect /][/formvariables][!]> [/!][formvariables name=writefile][redirect /][/formvariables][!]> [/!][formvariables name=xmlnode][redirect /][/formvariables][!]> [/!][formvariables name=xmlnodes][redirect /][/formvariables][!]> [/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!]> [/!][formvariables name=xmlparse][redirect /][/formvariables][!]> [/!][formvariables name=xsl][redirect /][/formvariables][!]> [/!][formvariables name=xslt][redirect /][/formvariables][!]> [/!][!]--- END: to plug up the security hole of when URL hacker passes > a webdna context name as a formvar---[/!]>> Daniel Meola> 301-486-0901> daniel@knifecenter.com >>>> On Wed, Dec 12, 2012 at 2:44 PM, Terry Wilson > wrote:>> This exploit was discovered a few years back, but I thought it was> fixed, or a fix was announced or something. I forget.>> Terry>>>> Hi,>> I am running V6.2 on CentOS 5.8 and have found instances where> WebDNA code displays on a page if certain WebDNA tags are in> the URL.>> I thought it was something I was doing but this appears to> happen on the www.webdna.us site as well.>> http://www.webdna.us/page.dna?text=> takes you to a page that shows only webdna code>> http://www.webdna.us/page.dna?numero=56&text=> > adds a line of text above the navigation row in the red> background (need to mouse over to see it - text is same color> as red background)>>> I first experienced this with != and fixed it by putting a> RewriteRule in an .htaccess file in the site's root folder>> Today I tried a few other tags and found others. I haven't> checked all the tags just a handful.>> text=> math=> format=>> Anyone else experience this, have a fix or suggestion?>> Thanks,> Steve>>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list >.> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us >>>> -- > Terry Wilson | terry@terryfic.com |> http://terryfic.com> http://WhosComing.com - a simplified, affordable online> reservation system> iStockPhoto portfolio -> http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D> --------------------------------------------------------------------------> Attitude is the only difference between ordeal and adventure.>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list >.> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us >>> --------------------------------------------------------- This message > is sent to you because you are subscribed to the mailing list . To > unsubscribe, E-mail to: archives: > http://mail.webdna.us/list/talk@webdna.us Bug Reporting: > support@webdna.us --------------040502050104030208010103Content-Type: text/html; charset=ISO-8859-1Content-Transfer-Encoding: 7bit Hi Dan,

Thanks for the code. Is this the exact code you are using?  I pasted itinto the top of a template and am getting this at the top of the page:

Error: Error: expected [/FUNCTIONSPACE], but found [/!] instead[/!]


Thanks,
Steve

Daniel Meola wrote:You include this at the top of all pages:











[/!][!]Prevent tag hacking[/!][!]



[/!][!]--- START: to plug up the security hole of when URLhacker passes a webdna context name as a formvar---[/!][!]



[/!][formvariables name=!][redirect /][/formvariables][!]



[/!][formvariables name=addfields][redirect /][/formvariables][!]



[/!][formvariables name=addlineitem][redirect/][/formvariables][!]



[/!][formvariables name=append][redirect /][/formvariables][!]



[/!][formvariables name=appendfile][redirect/][/formvariables][!]



[/!][formvariables name=applescript][redirect/][/formvariables][!]



[/!][formvariables name=arrayget][redirect /][/formvariables][!]



[/!][formvariables name=arrayset][redirect /][/formvariables][!]



[/!][formvariables name=authenticate][redirect/][/formvariables][!]



[/!][formvariables name=boldwords][redirect /][/formvariables][!]



[/!][formvariables name=browsername][redirect/][/formvariables][!]



[/!][formvariables name=calcfilecrc32][redirect/][/formvariables][!]



[/!][formvariables name=capitalize][redirect/][/formvariables][!]



[/!][formvariables name=case][redirect /][/formvariables][!]



[/!][formvariables name=clearlineitems][redirect/][/formvariables][!]



[/!][formvariables name=closedatabase][redirect/][/formvariables][!]



[/!][formvariables name=command][redirect /][/formvariables][!]



[/!][formvariables name=commitdatabase][redirect/][/formvariables][!]



[/!][formvariables name=convertchars][redirect/][/formvariables][!]



[/!][formvariables name=convertwords][redirect/][/formvariables][!]



[/!][formvariables name=copyfile][redirect /][/formvariables][!]



[/!][formvariables name=copyfolder][redirect/][/formvariables][!]



[/!][formvariables name=countchars][redirect/][/formvariables][!]



[/!][formvariables name=countwords][redirect/][/formvariables][!]



[/!][formvariables name=createfolder][redirect/][/formvariables][!]



[/!][formvariables name=date][redirect /][/formvariables][!]



[/!][formvariables name=ddeconnect][redirect/][/formvariables][!]



[/!][formvariables name=ddesend][redirect /][/formvariables][!]



[/!][formvariables name=decrypt][redirect /][/formvariables][!]



[/!][formvariables name=delete][redirect /][/formvariables][!]



[/!][formvariables name=deletefile][redirect/][/formvariables][!]



[/!][formvariables name=deletefolder][redirect/][/formvariables][!]



[/!][formvariables name=dos][redirect /][/formvariables][!]



[/!][formvariables name=elapsedtime][redirect/][/formvariables][!]



[/!][formvariables name=else][redirect /][/formvariables][!]



[/!][formvariables name=encrypt][redirect /][/formvariables][!]



[/!][formvariables name=exclusivelock][redirect/][/formvariables][!]



[/!][formvariables name=filecompare][redirect/][/formvariables][!]



[/!][formvariables name=fileinfo][redirect /][/formvariables][!]



[/!][formvariables name=findstring][redirect/][/formvariables][!]



[/!][formvariables name=flushcache][redirect/][/formvariables][!]



[/!][formvariables name=flushdatabases][redirect/][/formvariables][!]



[/!][formvariables name=format][redirect /][/formvariables][!]



[/!][formvariables name=format][redirect /][/formvariables][!]



[/!][formvariables name=formvariables][redirect/][/formvariables][!]



[/!][formvariables name=founditems][redirect/][/formvariables][!]



[/!][formvariables name=freememory][redirect/][/formvariables][!]



[/!][formvariables name=function][redirect /][/formvariables][!]



[/!][formvariables name=getchars][redirect /][/formvariables][!]



[/!][formvariables name=getcookie][redirect /][/formvariables][!]



[/!][formvariables name=getmimeheader][redirect/][/formvariables][!]



[/!][formvariables name=grep][redirect /][/formvariables][!]



[/!][formvariables name=hideif][redirect /][/formvariables][!]



[/!][formvariables name=html1][redirect /][/formvariables][!]



[/!][formvariables name=html2][redirect /][/formvariables][!]



[/!][formvariables name=html3][redirect /][/formvariables][!]



[/!][formvariables name=httpmethod][redirect/][/formvariables][!]



[/!][formvariables name=if][redirect /][/formvariables][!]



[/!][formvariables name=include][redirect /][/formvariables][!]



[/!][formvariables name=input][redirect /][/formvariables][!]



[/!][formvariables name=interpret][redirect /][/formvariables][!]



[/!][formvariables name=ipaddress][redirect /][/formvariables][!]



[/!][formvariables name=issecureclient][redirect/][/formvariables][!]



[/!][formvariables name=lastautonumner][redirect/][/formvariables][!]



[/!][formvariables name=lastrandom][redirect/][/formvariables][!]



[/!][formvariables name=lineitems][redirect /][/formvariables][!]



[/!][formvariables name=listchars][redirect /][/formvariables][!]



[/!][formvariables name=listcookies][redirect/][/formvariables][!]



[/!][formvariables name=listdatabases][redirect/][/formvariables][!]



[/!][formvariables name=listfields][redirect/][/formvariables][!]



[/!][formvariables name=listfiles][redirect /][/formvariables][!]



[/!][formvariables name=listmimeheaders][redirect/][/formvariables][!]



[/!][formvariables name=listpath][redirect /][/formvariables][!]



[/!][formvariables name=listvariables][redirect/][/formvariables][!]



[/!][formvariables name=listwords][redirect /][/formvariables][!]



[/!][formvariables name=lookup][redirect /][/formvariables][!]



[/!][formvariables name=lookup][redirect /][/formvariables][!]



[/!][formvariables name=loop][redirect /][/formvariables][!]



[/!][formvariables name=lowercase][redirect /][/formvariables][!]



[/!][formvariables name=math][redirect /][/formvariables][!]



[/!][formvariables name=middle][redirect /][/formvariables][!]



[/!][formvariables name=movefile][redirect /][/formvariables][!]



[/!][formvariables name=object][redirect /][/formvariables][!]



[/!][formvariables name=orderfile][redirect /][/formvariables][!]



[/!][formvariables name=password][redirect /][/formvariables][!]



[/!][formvariables name=platform][redirect /][/formvariables][!]



[/!][formvariables name=product][redirect /][/formvariables][!]



[/!][formvariables name=protect][redirect /][/formvariables][!]



[/!][formvariables name=purchase][redirect /][/formvariables][!]



[/!][formvariables name=random][redirect /][/formvariables][!]



[/!][formvariables name=raw][redirect /][/formvariables][!]



[/!][formvariables name=redirect][redirect /][/formvariables][!]



[/!][formvariables name=referrer][redirect /][/formvariables][!]



[/!][formvariables name=removehtml][redirect/][/formvariables][!]



[/!][formvariables name=removelineitem][redirect/][/formvariables][!]



[/!][formvariables name=replace][redirect /][/formvariables][!]



[/!][formvariables name=replacefounditems][redirect/][/formvariables][!]



[/!][formvariables name=return][redirect /][/formvariables][!]



[/!][formvariables name=returnraw][redirect /][/formvariables][!]



[/!][formvariables name=scope][redirect /][/formvariables][!]



[/!][formvariables name=search][redirect /][/formvariables][!]



[/!][formvariables name=sendmail][redirect /][/formvariables][!]



[/!][formvariables name=setcookie][redirect /][/formvariables][!]



[/!][formvariables name=setheader][redirect /][/formvariables][!]



[/!][formvariables name=setlineitem][redirect/][/formvariables][!]



[/!][formvariables name=setmimeheader][redirect/][/formvariables][!]



[/!][formvariables name=shell][redirect /][/formvariables][!]



[/!][formvariables name=showif][redirect /][/formvariables][!]



[/!][formvariables name=shownext][redirect /][/formvariables][!]



[/!][formvariables name=spawn][redirect /][/formvariables][!]



[/!][formvariables name=sql][redirect /][/formvariables][!]



[/!][formvariables name=sql][redirect /][/formvariables][!]



[/!][formvariables name=sqlconnect][redirect/][/formvariables][!]



[/!][formvariables name=sqldisconnect][redirect/][/formvariables][!]



[/!][formvariables name=sqlexecute][redirect/][/formvariables][!]



[/!][formvariables name=sqlinfo][redirect /][/formvariables][!]



[/!][formvariables name=sqlrelease][redirect/][/formvariables][!]



[/!][formvariables name=sqlresult][redirect /][/formvariables][!]



[/!][formvariables name=switch][redirect /][/formvariables][!]



[/!][formvariables name=table][redirect /][/formvariables][!]



[/!][formvariables name=tcpconnect][redirect/][/formvariables][!]



[/!][formvariables name=tcpsend][redirect /][/formvariables][!]



[/!][formvariables name=text][redirect /][/formvariables][!]



[/!][formvariables name=then][redirect /][/formvariables][!]



[/!][formvariables name=thisurl][redirect /][/formvariables][!]



[/!][formvariables name=time][redirect /][/formvariables][!]



[/!][formvariables name=unurl][redirect /][/formvariables][!]



[/!][formvariables name=uppercase][redirect /][/formvariables][!]



[/!][formvariables name=url][redirect /][/formvariables][!]



[/!][formvariables name=username][redirect /][/formvariables][!]



[/!][formvariables name=validcard][redirect /][/formvariables][!]



[/!][formvariables name=version][redirect /][/formvariables][!]



[/!][formvariables name=version][redirect /][/formvariables][!]



[/!][formvariables name=waitforfile][redirect/][/formvariables][!]



[/!][formvariables name=writefile][redirect /][/formvariables][!]



[/!][formvariables name=xmlnode][redirect /][/formvariables][!]



[/!][formvariables name=xmlnodes][redirect /][/formvariables][!]



[/!][formvariables name=xmlnodesattributes][redirect/][/formvariables][!]



[/!][formvariables name=xmlparse][redirect /][/formvariables][!]



[/!][formvariables name=xsl][redirect /][/formvariables][!]



[/!][formvariables name=xslt][redirect /][/formvariables][!]



[/!][!]--- END: to plug up the security hole of when URL hackerpasses a webdna context name as a formvar---[/!]







DanielMeola

301-486-0901

daniel@knifecenter.com










On Wed, Dec 12, 2012 at 2:44 PM, TerryWilson <terry@terryfic.com>wrote:


Thisexploit was discovered a few years back, but I thought it was fixed, ora fix was announced or something. I forget.

Terry







Hi,

I am running V6.2 on CentOS 5.8 and have found instances where WebDNAcode displays on a page if certain WebDNA tags are in the URL.

I thought it was something I was doing but this appears to happen onthe www.webdna.us site as well.

 http://www.webdna.us/page.dna?text=
takes you to a page that shows only webdna code

 http://www.webdna.us/page.dna?numero=56&text=
adds a line of text above the navigation row in the red background(need to mouse over to see it - text is same color as red background)


I first experienced this with   !=  and fixed it by putting aRewriteRule in an .htaccess file in the site's root folder

Today I tried a few other tags and found others. I haven't checked allthe tags just a handful.

text=
math=
format=

Anyone else experience this, have a fix or suggestion?

Thanks,
Steve


---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us








 --
Terry Wilson | terry@terryfic.com| http://terryfic.com
 http://WhosComing.com - a simplified, affordableonline reservation system
iStockPhoto portfolio - http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D
--------------------------------------------------------------------------
Attitude is the only difference between ordeal and adventure.



---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us











---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.usBug Reporting: support@webdna.us --------------040502050104030208010103-- Associated Messages, from the most recent to the oldest:

Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012) Re: [WebDNA] WebDNA code displaying on page (Tom Duke 2012) Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012) Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012) Re: [WebDNA] WebDNA code displaying on page (Govinda 2012) Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012) Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012) Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012) Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012) Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012) Re: [WebDNA] WebDNA code displaying on page (Brian Fries 2012) Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012) Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012) Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012) Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012) Re: [WebDNA] WebDNA code displaying on page (christophe.billiottet@webdna.us 2012)

This is a multi-part message in MIME format.--------------040502050104030208010103Content-Type: text/plain; charset=ISO-8859-1; format=flowedContent-Transfer-Encoding: 7bitHi Dan,Thanks for the code. Is this the exact code you are using? I pasted it into the top of a template and am getting this at the top of the page:Error: Error: expected [/FUNCTIONSPACE], but found [/!] instead[/!]Thanks,SteveDaniel Meola wrote:> You include this at the top of all pages:>>> [/!][!]Prevent tag hacking[/!][!]> [/!][!]--- START: to plug up the security hole of when URL hacker > passes a webdna context name as a formvar---[/!][!]> [/!][formvariables name=!][redirect /][/formvariables][!]> [/!][formvariables name=addfields][redirect /][/formvariables][!]> [/!][formvariables name=addlineitem][redirect /][/formvariables][!]> [/!][formvariables name=append][redirect /][/formvariables][!]> [/!][formvariables name=appendfile][redirect /][/formvariables][!]> [/!][formvariables name=applescript][redirect /][/formvariables][!]> [/!][formvariables name=arrayget][redirect /][/formvariables][!]> [/!][formvariables name=arrayset][redirect /][/formvariables][!]> [/!][formvariables name=authenticate][redirect /][/formvariables][!]> [/!][formvariables name=boldwords][redirect /][/formvariables][!]> [/!][formvariables name=browsername][redirect /][/formvariables][!]> [/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!]> [/!][formvariables name=capitalize][redirect /][/formvariables][!]> [/!][formvariables name=case][redirect /][/formvariables][!]> [/!][formvariables name=clearlineitems][redirect /][/formvariables][!]> [/!][formvariables name=closedatabase][redirect /][/formvariables][!]> [/!][formvariables name=command][redirect /][/formvariables][!]> [/!][formvariables name=commitdatabase][redirect /][/formvariables][!]> [/!][formvariables name=convertchars][redirect /][/formvariables][!]> [/!][formvariables name=convertwords][redirect /][/formvariables][!]> [/!][formvariables name=copyfile][redirect /][/formvariables][!]> [/!][formvariables name=copyfolder][redirect /][/formvariables][!]> [/!][formvariables name=countchars][redirect /][/formvariables][!]> [/!][formvariables name=countwords][redirect /][/formvariables][!]> [/!][formvariables name=createfolder][redirect /][/formvariables][!]> [/!][formvariables name=date][redirect /][/formvariables][!]> [/!][formvariables name=ddeconnect][redirect /][/formvariables][!]> [/!][formvariables name=ddesend][redirect /][/formvariables][!]> [/!][formvariables name=decrypt][redirect /][/formvariables][!]> [/!][formvariables name=delete][redirect /][/formvariables][!]> [/!][formvariables name=deletefile][redirect /][/formvariables][!]> [/!][formvariables name=deletefolder][redirect /][/formvariables][!]> [/!][formvariables name=dos][redirect /][/formvariables][!]> [/!][formvariables name=elapsedtime][redirect /][/formvariables][!]> [/!][formvariables name=else][redirect /][/formvariables][!]> [/!][formvariables name=encrypt][redirect /][/formvariables][!]> [/!][formvariables name=exclusivelock][redirect /][/formvariables][!]> [/!][formvariables name=filecompare][redirect /][/formvariables][!]> [/!][formvariables name=fileinfo][redirect /][/formvariables][!]> [/!][formvariables name=findstring][redirect /][/formvariables][!]> [/!][formvariables name=flushcache][redirect /][/formvariables][!]> [/!][formvariables name=flushdatabases][redirect /][/formvariables][!]> [/!][formvariables name=format][redirect /][/formvariables][!]> [/!][formvariables name=format][redirect /][/formvariables][!]> [/!][formvariables name=formvariables][redirect /][/formvariables][!]> [/!][formvariables name=founditems][redirect /][/formvariables][!]> [/!][formvariables name=freememory][redirect /][/formvariables][!]> [/!][formvariables name=function][redirect /][/formvariables][!]> [/!][formvariables name=getchars][redirect /][/formvariables][!]> [/!][formvariables name=getcookie][redirect /][/formvariables][!]> [/!][formvariables name=getmimeheader][redirect /][/formvariables][!]> [/!][formvariables name=grep][redirect /][/formvariables][!]> [/!][formvariables name=hideif][redirect /][/formvariables][!]> [/!][formvariables name=html1][redirect /][/formvariables][!]> [/!][formvariables name=html2][redirect /][/formvariables][!]> [/!][formvariables name=html3][redirect /][/formvariables][!]> [/!][formvariables name=httpmethod][redirect /][/formvariables][!]> [/!][formvariables name=if][redirect /][/formvariables][!]> [/!][formvariables name=include][redirect /][/formvariables][!]> [/!][formvariables name=input][redirect /][/formvariables][!]> [/!][formvariables name=interpret][redirect /][/formvariables][!]> [/!][formvariables name=ipaddress][redirect /][/formvariables][!]> [/!][formvariables name=issecureclient][redirect /][/formvariables][!]> [/!][formvariables name=lastautonumner][redirect /][/formvariables][!]> [/!][formvariables name=lastrandom][redirect /][/formvariables][!]> [/!][formvariables name=lineitems][redirect /][/formvariables][!]> [/!][formvariables name=listchars][redirect /][/formvariables][!]> [/!][formvariables name=listcookies][redirect /][/formvariables][!]> [/!][formvariables name=listdatabases][redirect /][/formvariables][!]> [/!][formvariables name=listfields][redirect /][/formvariables][!]> [/!][formvariables name=listfiles][redirect /][/formvariables][!]> [/!][formvariables name=listmimeheaders][redirect /][/formvariables][!]> [/!][formvariables name=listpath][redirect /][/formvariables][!]> [/!][formvariables name=listvariables][redirect /][/formvariables][!]> [/!][formvariables name=listwords][redirect /][/formvariables][!]> [/!][formvariables name=lookup][redirect /][/formvariables][!]> [/!][formvariables name=lookup][redirect /][/formvariables][!]> [/!][formvariables name=loop][redirect /][/formvariables][!]> [/!][formvariables name=lowercase][redirect /][/formvariables][!]> [/!][formvariables name=math][redirect /][/formvariables][!]> [/!][formvariables name=middle][redirect /][/formvariables][!]> [/!][formvariables name=movefile][redirect /][/formvariables][!]> [/!][formvariables name=object][redirect /][/formvariables][!]> [/!][formvariables name=orderfile][redirect /][/formvariables][!]> [/!][formvariables name=password][redirect /][/formvariables][!]> [/!][formvariables name=platform][redirect /][/formvariables][!]> [/!][formvariables name=product][redirect /][/formvariables][!]> [/!][formvariables name=protect][redirect /][/formvariables][!]> [/!][formvariables name=purchase][redirect /][/formvariables][!]> [/!][formvariables name=random][redirect /][/formvariables][!]> [/!][formvariables name=raw][redirect /][/formvariables][!]> [/!][formvariables name=redirect][redirect /][/formvariables][!]> [/!][formvariables name=referrer][redirect /][/formvariables][!]> [/!][formvariables name=removehtml][redirect /][/formvariables][!]> [/!][formvariables name=removelineitem][redirect /][/formvariables][!]> [/!][formvariables name=replace][redirect /][/formvariables][!]> [/!][formvariables name=replacefounditems][redirect /][/formvariables][!]> [/!][formvariables name=return][redirect /][/formvariables][!]> [/!][formvariables name=returnraw][redirect /][/formvariables][!]> [/!][formvariables name=scope][redirect /][/formvariables][!]> [/!][formvariables name=search][redirect /][/formvariables][!]> [/!][formvariables name=sendmail][redirect /][/formvariables][!]> [/!][formvariables name=setcookie][redirect /][/formvariables][!]> [/!][formvariables name=setheader][redirect /][/formvariables][!]> [/!][formvariables name=setlineitem][redirect /][/formvariables][!]> [/!][formvariables name=setmimeheader][redirect /][/formvariables][!]> [/!][formvariables name=shell][redirect /][/formvariables][!]> [/!][formvariables name=showif][redirect /][/formvariables][!]> [/!][formvariables name=shownext][redirect /][/formvariables][!]> [/!][formvariables name=spawn][redirect /][/formvariables][!]> [/!][formvariables name=sql][redirect /][/formvariables][!]> [/!][formvariables name=sql][redirect /][/formvariables][!]> [/!][formvariables name=sqlconnect][redirect /][/formvariables][!]> [/!][formvariables name=sqldisconnect][redirect /][/formvariables][!]> [/!][formvariables name=sqlexecute][redirect /][/formvariables][!]> [/!][formvariables name=sqlinfo][redirect /][/formvariables][!]> [/!][formvariables name=sqlrelease][redirect /][/formvariables][!]> [/!][formvariables name=sqlresult][redirect /][/formvariables][!]> [/!][formvariables name=switch][redirect /][/formvariables][!]> [/!][formvariables name=table][redirect /][/formvariables][!]> [/!][formvariables name=tcpconnect][redirect /][/formvariables][!]> [/!][formvariables name=tcpsend][redirect /][/formvariables][!]> [/!][formvariables name=text][redirect /][/formvariables][!]> [/!][formvariables name=then][redirect /][/formvariables][!]> [/!][formvariables name=thisurl][redirect /][/formvariables][!]> [/!][formvariables name=time][redirect /][/formvariables][!]> [/!][formvariables name=unurl][redirect /][/formvariables][!]> [/!][formvariables name=uppercase][redirect /][/formvariables][!]> [/!][formvariables name=url][redirect /][/formvariables][!]> [/!][formvariables name=username][redirect /][/formvariables][!]> [/!][formvariables name=validcard][redirect /][/formvariables][!]> [/!][formvariables name=version][redirect /][/formvariables][!]> [/!][formvariables name=version][redirect /][/formvariables][!]> [/!][formvariables name=waitforfile][redirect /][/formvariables][!]> [/!][formvariables name=writefile][redirect /][/formvariables][!]> [/!][formvariables name=xmlnode][redirect /][/formvariables][!]> [/!][formvariables name=xmlnodes][redirect /][/formvariables][!]> [/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!]> [/!][formvariables name=xmlparse][redirect /][/formvariables][!]> [/!][formvariables name=xsl][redirect /][/formvariables][!]> [/!][formvariables name=xslt][redirect /][/formvariables][!]> [/!][!]--- END: to plug up the security hole of when URL hacker passes > a webdna context name as a formvar---[/!]>> Daniel Meola> 301-486-0901> daniel@knifecenter.com >>>> On Wed, Dec 12, 2012 at 2:44 PM, Terry Wilson > wrote:>> This exploit was discovered a few years back, but I thought it was> fixed, or a fix was announced or something. I forget.>> Terry>>>> Hi,>> I am running V6.2 on CentOS 5.8 and have found instances where> WebDNA code displays on a page if certain WebDNA tags are in> the URL.>> I thought it was something I was doing but this appears to> happen on the www.webdna.us site as well.>> http://www.webdna.us/page.dna?text=> takes you to a page that shows only webdna code>> http://www.webdna.us/page.dna?numero=56&text=> > adds a line of text above the navigation row in the red> background (need to mouse over to see it - text is same color> as red background)>>> I first experienced this with != and fixed it by putting a> RewriteRule in an .htaccess file in the site's root folder>> Today I tried a few other tags and found others. I haven't> checked all the tags just a handful.>> text=> math=> format=>> Anyone else experience this, have a fix or suggestion?>> Thanks,> Steve>>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list >.> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us >>>> -- > Terry Wilson | terry@terryfic.com |> http://terryfic.com> http://WhosComing.com - a simplified, affordable online> reservation system> iStockPhoto portfolio -> http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D> --------------------------------------------------------------------------> Attitude is the only difference between ordeal and adventure.>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list >.> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us >>> --------------------------------------------------------- This message > is sent to you because you are subscribed to the mailing list . To > unsubscribe, E-mail to: archives: > http://mail.webdna.us/list/talk@webdna.us Bug Reporting: > support@webdna.us --------------040502050104030208010103Content-Type: text/html; charset=ISO-8859-1Content-Transfer-Encoding: 7bit Hi Dan,

Thanks for the code. Is this the exact code you are using?  I pasted itinto the top of a template and am getting this at the top of the page:

Error: Error: expected [/FUNCTIONSPACE], but found [/!] instead[/!]


Thanks,
Steve

Daniel Meola wrote:You include this at the top of all pages:











[/!][!]Prevent tag hacking[/!][!]



[/!][!]--- START: to plug up the security hole of when URLhacker passes a webdna context name as a formvar---[/!][!]



[/!][formvariables name=!][redirect /][/formvariables][!]



[/!][formvariables name=addfields][redirect /][/formvariables][!]



[/!][formvariables name=addlineitem][redirect/][/formvariables][!]



[/!][formvariables name=append][redirect /][/formvariables][!]



[/!][formvariables name=appendfile][redirect/][/formvariables][!]



[/!][formvariables name=applescript][redirect/][/formvariables][!]



[/!][formvariables name=arrayget][redirect /][/formvariables][!]



[/!][formvariables name=arrayset][redirect /][/formvariables][!]



[/!][formvariables name=authenticate][redirect/][/formvariables][!]



[/!][formvariables name=boldwords][redirect /][/formvariables][!]



[/!][formvariables name=browsername][redirect/][/formvariables][!]



[/!][formvariables name=calcfilecrc32][redirect/][/formvariables][!]



[/!][formvariables name=capitalize][redirect/][/formvariables][!]



[/!][formvariables name=case][redirect /][/formvariables][!]



[/!][formvariables name=clearlineitems][redirect/][/formvariables][!]



[/!][formvariables name=closedatabase][redirect/][/formvariables][!]



[/!][formvariables name=command][redirect /][/formvariables][!]



[/!][formvariables name=commitdatabase][redirect/][/formvariables][!]



[/!][formvariables name=convertchars][redirect/][/formvariables][!]



[/!][formvariables name=convertwords][redirect/][/formvariables][!]



[/!][formvariables name=copyfile][redirect /][/formvariables][!]



[/!][formvariables name=copyfolder][redirect/][/formvariables][!]



[/!][formvariables name=countchars][redirect/][/formvariables][!]



[/!][formvariables name=countwords][redirect/][/formvariables][!]



[/!][formvariables name=createfolder][redirect/][/formvariables][!]



[/!][formvariables name=date][redirect /][/formvariables][!]



[/!][formvariables name=ddeconnect][redirect/][/formvariables][!]



[/!][formvariables name=ddesend][redirect /][/formvariables][!]



[/!][formvariables name=decrypt][redirect /][/formvariables][!]



[/!][formvariables name=delete][redirect /][/formvariables][!]



[/!][formvariables name=deletefile][redirect/][/formvariables][!]



[/!][formvariables name=deletefolder][redirect/][/formvariables][!]



[/!][formvariables name=dos][redirect /][/formvariables][!]



[/!][formvariables name=elapsedtime][redirect/][/formvariables][!]



[/!][formvariables name=else][redirect /][/formvariables][!]



[/!][formvariables name=encrypt][redirect /][/formvariables][!]



[/!][formvariables name=exclusivelock][redirect/][/formvariables][!]



[/!][formvariables name=filecompare][redirect/][/formvariables][!]



[/!][formvariables name=fileinfo][redirect /][/formvariables][!]



[/!][formvariables name=findstring][redirect/][/formvariables][!]



[/!][formvariables name=flushcache][redirect/][/formvariables][!]



[/!][formvariables name=flushdatabases][redirect/][/formvariables][!]



[/!][formvariables name=format][redirect /][/formvariables][!]



[/!][formvariables name=format][redirect /][/formvariables][!]



[/!][formvariables name=formvariables][redirect/][/formvariables][!]



[/!][formvariables name=founditems][redirect/][/formvariables][!]



[/!][formvariables name=freememory][redirect/][/formvariables][!]



[/!][formvariables name=function][redirect /][/formvariables][!]



[/!][formvariables name=getchars][redirect /][/formvariables][!]



[/!][formvariables name=getcookie][redirect /][/formvariables][!]



[/!][formvariables name=getmimeheader][redirect/][/formvariables][!]



[/!][formvariables name=grep][redirect /][/formvariables][!]



[/!][formvariables name=hideif][redirect /][/formvariables][!]



[/!][formvariables name=html1][redirect /][/formvariables][!]



[/!][formvariables name=html2][redirect /][/formvariables][!]



[/!][formvariables name=html3][redirect /][/formvariables][!]



[/!][formvariables name=httpmethod][redirect/][/formvariables][!]



[/!][formvariables name=if][redirect /][/formvariables][!]



[/!][formvariables name=include][redirect /][/formvariables][!]



[/!][formvariables name=input][redirect /][/formvariables][!]



[/!][formvariables name=interpret][redirect /][/formvariables][!]



[/!][formvariables name=ipaddress][redirect /][/formvariables][!]



[/!][formvariables name=issecureclient][redirect/][/formvariables][!]



[/!][formvariables name=lastautonumner][redirect/][/formvariables][!]



[/!][formvariables name=lastrandom][redirect/][/formvariables][!]



[/!][formvariables name=lineitems][redirect /][/formvariables][!]



[/!][formvariables name=listchars][redirect /][/formvariables][!]



[/!][formvariables name=listcookies][redirect/][/formvariables][!]



[/!][formvariables name=listdatabases][redirect/][/formvariables][!]



[/!][formvariables name=listfields][redirect/][/formvariables][!]



[/!][formvariables name=listfiles][redirect /][/formvariables][!]



[/!][formvariables name=listmimeheaders][redirect/][/formvariables][!]



[/!][formvariables name=listpath][redirect /][/formvariables][!]



[/!][formvariables name=listvariables][redirect/][/formvariables][!]



[/!][formvariables name=listwords][redirect /][/formvariables][!]



[/!][formvariables name=lookup][redirect /][/formvariables][!]



[/!][formvariables name=lookup][redirect /][/formvariables][!]



[/!][formvariables name=loop][redirect /][/formvariables][!]



[/!][formvariables name=lowercase][redirect /][/formvariables][!]



[/!][formvariables name=math][redirect /][/formvariables][!]



[/!][formvariables name=middle][redirect /][/formvariables][!]



[/!][formvariables name=movefile][redirect /][/formvariables][!]



[/!][formvariables name=object][redirect /][/formvariables][!]



[/!][formvariables name=orderfile][redirect /][/formvariables][!]



[/!][formvariables name=password][redirect /][/formvariables][!]



[/!][formvariables name=platform][redirect /][/formvariables][!]



[/!][formvariables name=product][redirect /][/formvariables][!]



[/!][formvariables name=protect][redirect /][/formvariables][!]



[/!][formvariables name=purchase][redirect /][/formvariables][!]



[/!][formvariables name=random][redirect /][/formvariables][!]



[/!][formvariables name=raw][redirect /][/formvariables][!]



[/!][formvariables name=redirect][redirect /][/formvariables][!]



[/!][formvariables name=referrer][redirect /][/formvariables][!]



[/!][formvariables name=removehtml][redirect/][/formvariables][!]



[/!][formvariables name=removelineitem][redirect/][/formvariables][!]



[/!][formvariables name=replace][redirect /][/formvariables][!]



[/!][formvariables name=replacefounditems][redirect/][/formvariables][!]



[/!][formvariables name=return][redirect /][/formvariables][!]



[/!][formvariables name=returnraw][redirect /][/formvariables][!]



[/!][formvariables name=scope][redirect /][/formvariables][!]



[/!][formvariables name=search][redirect /][/formvariables][!]



[/!][formvariables name=sendmail][redirect /][/formvariables][!]



[/!][formvariables name=setcookie][redirect /][/formvariables][!]



[/!][formvariables name=setheader][redirect /][/formvariables][!]



[/!][formvariables name=setlineitem][redirect/][/formvariables][!]



[/!][formvariables name=setmimeheader][redirect/][/formvariables][!]



[/!][formvariables name=shell][redirect /][/formvariables][!]



[/!][formvariables name=showif][redirect /][/formvariables][!]



[/!][formvariables name=shownext][redirect /][/formvariables][!]



[/!][formvariables name=spawn][redirect /][/formvariables][!]



[/!][formvariables name=sql][redirect /][/formvariables][!]



[/!][formvariables name=sql][redirect /][/formvariables][!]



[/!][formvariables name=sqlconnect][redirect/][/formvariables][!]



[/!][formvariables name=sqldisconnect][redirect/][/formvariables][!]



[/!][formvariables name=sqlexecute][redirect/][/formvariables][!]



[/!][formvariables name=sqlinfo][redirect /][/formvariables][!]



[/!][formvariables name=sqlrelease][redirect/][/formvariables][!]



[/!][formvariables name=sqlresult][redirect /][/formvariables][!]



[/!][formvariables name=switch][redirect /][/formvariables][!]



[/!][formvariables name=table][redirect /][/formvariables][!]



[/!][formvariables name=tcpconnect][redirect/][/formvariables][!]



[/!][formvariables name=tcpsend][redirect /][/formvariables][!]



[/!][formvariables name=text][redirect /][/formvariables][!]



[/!][formvariables name=then][redirect /][/formvariables][!]



[/!][formvariables name=thisurl][redirect /][/formvariables][!]



[/!][formvariables name=time][redirect /][/formvariables][!]



[/!][formvariables name=unurl][redirect /][/formvariables][!]



[/!][formvariables name=uppercase][redirect /][/formvariables][!]



[/!][formvariables name=url][redirect /][/formvariables][!]



[/!][formvariables name=username][redirect /][/formvariables][!]



[/!][formvariables name=validcard][redirect /][/formvariables][!]



[/!][formvariables name=version][redirect /][/formvariables][!]



[/!][formvariables name=version][redirect /][/formvariables][!]



[/!][formvariables name=waitforfile][redirect/][/formvariables][!]



[/!][formvariables name=writefile][redirect /][/formvariables][!]



[/!][formvariables name=xmlnode][redirect /][/formvariables][!]



[/!][formvariables name=xmlnodes][redirect /][/formvariables][!]



[/!][formvariables name=xmlnodesattributes][redirect/][/formvariables][!]



[/!][formvariables name=xmlparse][redirect /][/formvariables][!]



[/!][formvariables name=xsl][redirect /][/formvariables][!]



[/!][formvariables name=xslt][redirect /][/formvariables][!]



[/!][!]--- END: to plug up the security hole of when URL hackerpasses a webdna context name as a formvar---[/!]







DanielMeola

301-486-0901

daniel@knifecenter.com










On Wed, Dec 12, 2012 at 2:44 PM, TerryWilson <terry@terryfic.com>wrote:


Thisexploit was discovered a few years back, but I thought it was fixed, ora fix was announced or something. I forget.

Terry







Hi,

I am running V6.2 on CentOS 5.8 and have found instances where WebDNAcode displays on a page if certain WebDNA tags are in the URL.

I thought it was something I was doing but this appears to happen onthe www.webdna.us site as well.

 http://www.webdna.us/page.dna?text=
takes you to a page that shows only webdna code

 http://www.webdna.us/page.dna?numero=56&text=
adds a line of text above the navigation row in the red background(need to mouse over to see it - text is same color as red background)


I first experienced this with   !=  and fixed it by putting aRewriteRule in an .htaccess file in the site's root folder

Today I tried a few other tags and found others. I haven't checked allthe tags just a handful.

text=
math=
format=

Anyone else experience this, have a fix or suggestion?

Thanks,
Steve


---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us








 --
Terry Wilson | terry@terryfic.com| http://terryfic.com
 http://WhosComing.com - a simplified, affordableonline reservation system
iStockPhoto portfolio - http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D
--------------------------------------------------------------------------
Attitude is the only difference between ordeal and adventure.



---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us











---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.usBug Reporting: support@webdna.us --------------040502050104030208010103-- Steve Raslevich

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

no country? (1998) problems with 2 tags (1997) 3 card formulas! (1999) WebCatalog (1998) NewCart+Search with one click ? (1997) Smart caching problems with 2.1b3? (1997) [taxrate] question (1997) Country & Ship-to address & other fields ? (1997) Subtotal help (1997) Payment Processors (2005) Templates on Unix & CGI on Mac? (1997) WebCat2 - Getting to the browser's username/password data (1997) Saving/Looking Up customer numbers (1998) emailer (1997) switching users (1998) pc (1997) Database cloning, or possible hack? (2003) international time (1997) Web Catalog 2 demo (1997) There's a bug in the math context ... (1997)