Is it possible to Request.QueryString("page") ?

SkIpErMan (Newbie) - Posted: 18 June 2008 at 3:20pm

Hi!

I have integrated Web Wiz Forums into my site and am doing some tests to see if it fits my needs, and it looks fine!

However, I would like to use Server.Execute on the default.asp page in a table. To do so I need to call all links through Request.QueryString("page") so they show up in the same table, like this:
 
    'IF Request.QueryString("page") = "" THEN
        'Server.Execute("default.asp")

    'ELSEIF Request.QueryString("page") = "home" OR Request.QueryString("page") = "forumindex" OR Request.QueryString("page") = "staffandmanagement" OR Request.QueryString("page") = "teamnews" THEN
        'Server.Execute("ssi/"& Request.QueryString("page") &".asp")

    'ELSE
        'Server.Execute(""& Request.QueryString("page") &".asp")
    'END IF
 
My question is: has Web Wiz Forums already implemented code where I can make this change, or do I have to change all links on every page?

I think I saw something in one of your pages, but can't find it again!

Is there any other way to integrate Web Wiz Forums as I have done, without changing all links or using Request.QueryString("page")? I have tested an iframe but have read somewhere it could be used to inject other sites. And with an iframe I have to use a scroller and I don't like that!

However, to change the code I need a licence, so I would like to know if there are other options before!

This is how all tables are set up with Web Wiz Forums and I like it :)
 
 
Best regards
 
/SkIpErMan
 
 
 


Edited by SkIpErMan - 18 June 2008 at 6:26pm

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 19 June 2008 at 12:18pm

I'm not really sure what you are trying to do, but I can see the code you are using is completely insecure; using a querystring in a Server.Execute without first parsing the data is an open invitation to any hacker.

SkIpErMan (Newbie) - Posted: 19 June 2008 at 6:00pm

I am just a beginner and use very simple school code, so there should not be any opening for a hacker as far as I know in my code. Else I have to take my teacher in the ear LOL

If I cannot use Server.Execute on the Web Wiz Forum default.asp, because the code is not parsed, what options do I have to keep my tables and the forum like the screenshot shows?

Or should I just give it up and start building and finish my own forum again?
 
/SkIpErMan

Scotty32 (Moderator Group) - Posted: 19 June 2008 at 6:16pm

Just enter your site layout into the forum's includes/header.asp and includes/footer.asp files.

If you already have a header and footer file for your site, just enter the link to them, e.g.:

<!--#include file="../../includes/header.asp"-->

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 20 June 2008 at 8:40am

SkIpErMan wrote:

I am just a beginner and use very simple school code, so there should not be any opening for a hacker as far as I know in my code. Else I have to take my teacher in the ear LOL

If I cannot use Server.Execute on the Web Wiz Forum default.asp, because the code is not parsed, what options do I have to keep my tables and the forum like the screenshot shows?

Or should I just give it up and start building and finish my own forum again?

/SkIpErMan


If a teacher is giving out this code you should pull them up; it's completely open to a hacker.

Server.Execute(""& Request.QueryString("page") &".asp")

Using a querystring in Server.Execute without parsing the data means that anyone can easily change the querystring in the URL and call any ASP file on the server they like within the page.

This is very dangerous. You should place the querystring data into a variable, then check its contents are permitted and remove any malicious code before using it within Server.Execute.

For example:-

mysite.com/forum/default.asp?Page=../../badfile

This could be sent within the URL to call an ASP file called badfile.asp which isn't even in the forum directory!!

This is just an example, but a clever hacker can use this type of thing to do all sorts of damage, and you wouldn't believe the lengths some hackers go to.
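
One way to do the check described in the post above, as an added example that is not part of the thread and not Web Wiz Forums code: the querystring value is used only as a lookup key, and the path handed to Server.Execute always comes from a fixed table. The page keys are the ones from the first post; the ssi/ file paths and the 404 response are assumptions.

```vbscript
<%
' Added example (not Web Wiz Forums code): allowlist lookup before Server.Execute.
' Page keys come from the first post; the file paths they map to are assumptions.

Function ResolvePage(ByVal requested)
    Dim allowed, key
    Set allowed = Server.CreateObject("Scripting.Dictionary")
    allowed.CompareMode = vbTextCompare    ' keys match case-insensitively
    allowed.Add "", "default.asp"          ' no ?page= given
    allowed.Add "home", "ssi/home.asp"
    allowed.Add "forumindex", "ssi/forumindex.asp"
    allowed.Add "staffandmanagement", "ssi/staffandmanagement.asp"
    allowed.Add "teamnews", "ssi/teamnews.asp"

    key = Trim(requested & "")             ' coerce a missing value to an empty string
    If allowed.Exists(key) Then
        ResolvePage = allowed(key)         ' path comes from the table, never from the URL
    Else
        ResolvePage = ""                   ' unknown key, e.g. "../../badfile"
    End If
End Function

Dim target
target = ResolvePage(Request.QueryString("page"))

If target = "" Then
    ' Anything not in the table is refused instead of being executed.
    Response.Status = "404 Not Found"
    Response.Write "Page not found"
    Response.End
Else
    Server.Execute target
End If
%>
```

Unlike the ELSE branch in the first post, there is no fall-through that builds a path from the request, so adding a page means adding a row to the table.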

SkIpErMan (Newbie) - Posted: 20 June 2008 at 12:59pm

Thanks!

I did not know this. I am glad you told me about my security hole. I'll go and fix it!

But still interested in Web Wiz Forum :)
 
Thanks again!
 
Michael / aKa SkIpErMan
 

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 20 June 2008 at 1:34pm

As a rule of thumb, any user data passed from forms etc. or in a querystring should always be parsed and checked for malicious code, as it can be used for XSS (cross-site scripting), SQL injection, DoS attacks, etc.

SkIpErMan (Newbie) - Posted: 24 June 2008 at 8:20pm

It's not possible to directly call any of my pages because they have code that checks before they execute. But it would not be secure to do the same execute with the Web Wiz Forum.

I'll finish my own forum. Have at least Main and subforums!
 
Thanks for your help!
 
/SkIpErMan
 
 

 