Page Index Toggle Pages: 1 [2] 3 4 5 Send TopicPrint
Very Hot Topic (More than 25 Replies) Security Issue! (Read 20328 times)
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Re: Security Issue!
Reply #15 - Jan 13th, 2002 at 8:48pm
Print Post  
  

The Administrator.
Back to top
WWW  
IP Logged
 
xxskullxx
Guest


Re: Security Issue!
Reply #16 - Jan 13th, 2002 at 9:27pm
Print Post  
javasCript:alert('Testing...unfortunatelystillawayaroundit.Smiley')


Hmmmm...just what I thought.



I could still do it with a little bit of effort. The mod I don't think is enough. Sad


Nomad Gaming
  
Back to top
 
IP Logged
 
xxskullxx
New Member
*
Offline


I love YaBB 1 Gold!

Posts: 3
Joined: Jan 13th, 2002
Gender: Male
Re: Security Issue!
Reply #17 - Jan 13th, 2002 at 9:30pm
Print Post  
Javascript calls can still be made.
  
Back to top
 
IP Logged
 
[CV]XXL^testing
Guest


Re: Security Issue!
Reply #18 - Jan 13th, 2002 at 9:57pm
Print Post  
javascript:document.write('hmtesting...hmIdon'tknowwhybutthisshouldnotworkwhenmycodewouldworkcurrectly...')
  
Back to top
 
IP Logged
 
[CV]XXL^testing
Guest


Re: Security Issue!
Reply #19 - Jan 13th, 2002 at 9:59pm
Print Post  
javasCript:document.write('hmtesting...hmIdon'tknowwhybutthisshouldnotworkwhenmycodewouldworkcurrectly...')this is exactly what I was talking about... now why the hell doesn't he put http:// infront??
  
Back to top
 
IP Logged
 
xxskullxx
New Member
*
Offline


I love YaBB 1 Gold!

Posts: 3
Joined: Jan 13th, 2002
Gender: Male
Re: Security Issue!
Reply #20 - Jan 13th, 2002 at 10:00pm
Print Post  
I keep looking in the mod, but I can't figure out why it doesn't either.
  
Back to top
 
IP Logged
 
[CV]XXL^testing
Guest


Re: Security Issue!
Reply #21 - Jan 13th, 2002 at 10:02pm
Print Post  
some more testing...
javasCript:document.write('Testing...unfortunatelystillawayaroundit.<imgsrc=http://boardmod.xnull.com/yabb/YaBBImages/smiley.gif>
  
Back to top
 
IP Logged
 
[CV]XXL^testing
Guest


Re: Security Issue!
Reply #22 - Jan 13th, 2002 at 10:03pm
Print Post  
hm I see, the \b parameter doesn't work in the code, don't ask my why...
  
Back to top
 
IP Logged
 
[CV]XXL^testing
Guest


Re: Security Issue!
Reply #23 - Jan 13th, 2002 at 10:10pm
Print Post  
ok I think I got it, instead if \b just use ^...
  
Back to top
 
IP Logged
 
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Re: Security Issue!
Reply #24 - Jan 13th, 2002 at 10:17pm
Print Post  
alright. the problem was that the check if the img src contains http:// or not was not set to "if src begins with http://" but it was "if any word begins with http://". So this <img src=http://smiley.gif> caused that http:// was not added. Fixed version 1.2 is up.
  

The Administrator.
Back to top
WWW  
IP Logged
 
xxskullxx
New Member
*
Offline


I love YaBB 1 Gold!

Posts: 3
Joined: Jan 13th, 2002
Gender: Male
Re: Security Issue!
Reply #25 - Jan 13th, 2002 at 10:24pm
Print Post  
Good work!
  
Back to top
 
IP Logged
 
Brainy
Guest


Re: Security Issue!
Reply #26 - Jan 13th, 2002 at 11:19pm
Print Post  
The missing image problem still seems to be happening in the signature file. Though it seems to be just a select few users.

Im useing YaBB 1 Gold
  
Back to top
 
IP Logged
 
Brainy
Guest


Re: Security Issue!
Reply #27 - Jan 13th, 2002 at 11:23pm
Print Post  
Oh, and I AM talking about ver 1.2 of the security fix
  
Back to top
 
IP Logged
 
Shoeb Omar
God Member
*****
Offline


Mod Writer

Posts: 5665
Location: San Diego
Joined: Jun 29th, 2001
Gender: Male
Re: Security Issue!
Reply #28 - Jan 13th, 2002 at 11:26pm
Print Post  
yeah - its happening to kyle yankans signiture
  

YaBB SP2 BETA!
Now taking pay jobs in PHP or Perl.  Contact me for details.
Back to top
IP Logged
 
Brainy
Guest


Re: Security Issue!
Reply #29 - Jan 13th, 2002 at 11:41pm
Print Post  
Hmmm...this is too weird. Looking at one persons posts. Some are showing the graphic in the signature and some are not. The one that is not showing was made this morning around the time that I updated with the security fixes.

I am now wondering if the post that has the graphic missing was made after I applied 1.1 and before 1.2

I have no way of checking back when I updated the two different fixes. Anyone know if the signature file is statically posted, or does it update on view?
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1 [2] 3 4 5
Send TopicPrint