Re: [WebDNA] Stop hacking

This WebDNA talk-list message is from 2013.

It keeps the original formatting.
numero = 110685
interpreted = N
texte = This is noHack.db:

contextName
! addfields addlineitem append appendfile applescript arrayget arrayset
authenticate boldwords browsername calcfilecrc32 capitalize case
clearlineitems closedatabase command commitdatabase convertchars
convertwords copyfile copyfolder countchars countwords createfolder date
ddeconnect ddesend decrypt delete deletefile deletefolder dos elapsedtime
else encrypt exclusivelock filecompare fileinfo findstring flushcache
flushdatabases format format formvariables founditems freememory function
getchars getcookie getmimeheader grep hideif html1 html2 html3 httpmethod
if include input interpret ipaddress issecureclient lastautonumner
lastrandom lineitems listchars listcookies listdatabases listfields
listfiles listmimeheaders listpath listvariables listwords lookup lookup
loop lowercase math middle movefile object orderfile password platform
product protect purchase random raw redirect referrer removehtml
removelineitem replace replacefounditems return returnraw scope search
sendmail setcookie setheader setlineitem setmimeheader shell showif
shownext spawn sql sql sqlconnect sqldisconnect sqlexecute sqlinfo
sqlrelease sqlresult switch table tcpconnect tcpsend text then thisurl
time unurl uppercase url username validcard version version waitforfile
writefile xmlnode xmlnodes xmlnodesattributes xmlparse xsl xslt

On Wed, Sep 11, 2013 at 6:42 PM, Donovan Brooke wrote:

> Steve,
> It appears the original coder was trying to stop anyone from trying a
> context in the URL... however, I'm not sure why that would be desired. We
> don't know the contents of "noHack.db" so we can't tell you exactly what
> the coder was trying to protect the site from.
>
> Donovan
>
> --- Original message ---
> *Subject:* [WebDNA] Stop hacking
> *From:* Steve Graham
> *To:*
> *Date:* Wednesday, 11/09/2013 3:53 PM
>
> I found this code in a webdna site I am fixing. Someone please say if
> this is necessary or recommended to stop hackers in v7.x or v6.2.1:
>
> [formvariables]
> [search db=noHack.db&eqcontextNamedatarq=[url][name][/url]]
> [founditems]
> [redirect /]
> [/founditems]
> [/search]
> [/formvariables]
>
> [!] include this file at the top of every page to block hacking when a
> context name appears as a formvariable name [/!]
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to the mailing list .
> To unsubscribe, E-mail to: archives:
> http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Stop hacking (Donovan Brooke 2013)
  2. Re: [WebDNA] Stop hacking (Dan Strong 2013)
  3. Re: [WebDNA] Stop hacking (John Butler 2013)
  4. Re: [WebDNA] Stop hacking (WebDNA 2013)
  5. Re: [WebDNA] Stop hacking (John Butler 2013)
  6. Re: [WebDNA] Stop hacking (Steve Graham 2013)
  7. Re: [WebDNA] Stop hacking (John Butler 2013)
  8. Re: [WebDNA] Stop hacking (John Butler 2013)
  9. Re: [WebDNA] Stop hacking (Steve Graham 2013)
  10. Re: [WebDNA] Stop hacking (Donovan Brooke 2013)
  11. [WebDNA] Stop hacking (Steve Graham 2013)
Steve Graham
