Web Wiz Support and Community Forums : Security bug found and fixed in v7.95! https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sat, 18 Apr 2026 12:36:50 +0000 Fri, 04 Nov 2005 12:56:36 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=17104 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[Security bug found and fixed in v7.95! : Thanks MadDog for the catch!...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93284.html#93284 Author: JJLatWebWiz
Subject: 17104
Posted: 04 November 2005 at 12:56pm

Thanks MadDog for the catch! Now I'll have to look through my raw server logs to see if anyone has been exploiting this.

By the way, why do you use the var "strDBTableTopics" instead of "strDbTable & "Topic"". That var is probably why stonecutter got that error.]]> Fri, 04 Nov 2005 12:56:36 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93284.html#93284 <![CDATA[Security bug found and fixed in v7.95! : there is a version history saying...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93276.html#93276 Author: dj air
Subject: 17104
Posted: 04 November 2005 at 8:14am

there is a version history saying about the files that where edited.


<--- edit -->

http://www.webwiz.net/web_wiz_forums/Version%20History.txt

it was 2 files forum_posts.asp and active topics.asp


Edited by dj air - 04 November 2005 at 8:18am]]> Fri, 04 Nov 2005 08:14:12 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93276.html#93276 <![CDATA[Security bug found and fixed in v7.95! : not again is there a version...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93274.html#93274 Author: Ali Bilgrami
Subject: 17104
Posted: 04 November 2005 at 8:05am

not again Cry 
is there a version history available or say in which files should i cut / paste or edit the code Big smile 
]]> Fri, 04 Nov 2005 08:05:26 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93274.html#93274 <![CDATA[Security bug found and fixed in v7.95! : A fix for this and some of bugs...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93265.html#93265 Author: WebWiz-Bruce
Subject: 17104
Posted: 04 November 2005 at 3:45am

A fix for this and some of bugs in 7.95 was released 2 days ago.

Just download the latest version 7.96
]]> Fri, 04 Nov 2005 03:45:05 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93265.html#93265 <![CDATA[Security bug found and fixed in v7.95! : I applied the fix and received...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93263.html#93263 Author: stonecutter
Subject: 17104
Posted: 03 November 2005 at 11:53pm

I applied the fix and received a VB Script Runtime error when trying toaccess a password restricted forum. I copied back the original file.Thanks for your efforts but for some reason it didn't work on my system.]]> Thu, 03 Nov 2005 23:53:49 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93263.html#93263 <![CDATA[Security bug found and fixed in v7.95! : no problem as i went through the...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93122.html#93122 Author: Ali Bilgrami
Subject: 17104
Posted: 01 November 2005 at 5:20pm

no problem as i went through the updated file..i got some idea abt it...Big smile
lets see what -boRg- comes up with...and thanks for the fix :)
]]> Tue, 01 Nov 2005 17:20:13 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93122.html#93122 <![CDATA[Security bug found and fixed in v7.95! : Sorry but im not going to actually...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93119.html#93119 Author: MadDog
Subject: 17104
Posted: 01 November 2005 at 5:01pm

Sorry but im not going to actually show the code that i changed due to security reasons. For now im not going to say.]]> Tue, 01 Nov 2005 17:01:36 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93119.html#93119 <![CDATA[Security bug found and fixed in v7.95! : can you tell me where to change...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93118.html#93118 Author: Ali Bilgrami
Subject: 17104
Posted: 01 November 2005 at 4:55pm

can you tell me where to change forum_posts.asp??? i have some modifications done on that file. pointin out the code will be a help, if for security reasons u cant do it then kindly pm me Smile]]> Tue, 01 Nov 2005 16:55:34 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93118.html#93118 <![CDATA[Security bug found and fixed in v7.95! : I found a bug today in forum_posts.asp...]]> https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93115.html#93115 Author: MadDog
Subject: 17104
Posted: 01 November 2005 at 3:39pm

I found a bug today in forum_posts.asp that allows any visitor to view any topic regardless of topic and forum permissions.

Download the zip below and replace forum_posts.asp with the one in your forum.

I reported this bug to -boRg- so hopefully he will provide offical patch soon, but for the mean time im posting this.

Download Fix Here]]> Tue, 01 Nov 2005 15:39:06 +0000 https://forums.webwiz.net/security-bug-found-and-fixed-in-v7-95_topic17104_post93115.html#93115