
Is it possible to Request.QueryString("page") ?

WebWiz-Bruce (Admin Group, Web Wiz Developer), posted 25 June 2008 at 8:45am:
The code will work with Web Wiz Forums.

However, the point I am trying to make is, no matter where you use the code you have posted, it is insecure.

Even if you use the code outside of Web Wiz Forums it is still insecure.

If you are going to do any type of coding you need to first learn about creating secure code, or you will find your own forum will be hacked in no time.

You need to have a look at things like SQL Injection, and Cross Site Scripting (XSS).

The code you presently have, no matter where you have it on your site, is wide open to XSS hacking.

SkIpErMan (Newbie), posted 25 June 2008 at 4:01pm:
There was a lot to read. I could not find anything related to my code. However, I did find a bit about injection in NET. Anyway, I do have code that checks all forms and inputs from users, and also after but before any of my pages executes into the code above!
 
I made a test with a free version of Acunetix!
 
Acunetix Threat Level 0
No vulnerabilities have been discovered by the scanner
 
Target http://localhost:80/
Server banner Microsoft-IIS/5.1
Operating system Windows
Web server IIS 5.1
Technologies ASP,JRun
Scan progress
Start time 25/6/2008, 16:29:52
Finish time 25/6/2008, 16:41:21
Scan time 11 minutes
Scan iteration 1
Scanning mode Quick
Scanning stage Finished
Current module Finished 
Testing on Finished 
Current test Finished
Running tasks 0 ( 0 sub tasks )
Total number of requests 2504
Average response time (ms) 2355,96
 
 
You marked a bit of my code in red, so I guess that is the part of the code that is insecure. But I don't know why, or how to secure it more than I have done already!
 
/SkIpErMan


Edited by SkIpErMan - 25 June 2008 at 4:18pm

WebWiz-Bruce (Admin Group, Web Wiz Developer), posted 25 June 2008 at 5:13pm:
This is how I would do it to be more secure, although this is just quick and more can be done:-



'Read the querystring into a variable
strPage = Request.QueryString("page")

'Simple start, but should strip out a malicious user attempting to change the path to run a file outside of the forum directory
strPage = Replace(strPage, "/", "")
strPage = Replace(strPage, "\", "")
strPage = Replace(strPage, ".", "")

'No page given: run the default page
IF strPage = "" THEN
    Server.Execute("default.asp")

'Known page names: run the matching file from the ssi folder
ELSEIF strPage = "home" OR strPage = "forumindex" OR strPage = "staffandmanagement" OR strPage = "teamnews" THEN
    Server.Execute("ssi/" & strPage & ".asp")

'Any other value: run the page of that name from the current directory
ELSE
    Server.Execute("" & strPage & ".asp")
END IF


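An added example, not part of WebWiz-Bruce's post or of Web Wiz Forums: the same page dispatcher written as a strict allowlist, so the querystring value only selects an entry from a fixed map and never becomes part of a file path. The four page names and the ssi/ folder come from the post above; the dictionary layout, the commented-out "rules" entry and the 404 response are assumptions.

```vbscript
<%
Option Explicit

' Added example. The four page names and the ssi/ folder are from the post above;
' the dictionary layout and the 404 response are assumptions.
Dim dictPages, strPage, strTarget

' Fixed map from public page name to the file that may be executed.
Set dictPages = Server.CreateObject("Scripting.Dictionary")
dictPages.CompareMode = vbTextCompare   ' case-insensitive; must be set before any Add
dictPages.Add "home", "ssi/home.asp"
dictPages.Add "forumindex", "ssi/forumindex.asp"
dictPages.Add "staffandmanagement", "ssi/staffandmanagement.asp"
dictPages.Add "teamnews", "ssi/teamnews.asp"
' Root-level pages get an explicit entry too, e.g. (hypothetical name):
' dictPages.Add "rules", "rules.asp"

strPage = Trim(Request.QueryString("page"))

If strPage = "" Then
    strTarget = "default.asp"
ElseIf dictPages.Exists(strPage) Then
    strTarget = dictPages(strPage)   ' path comes from the map, not from the request
Else
    strTarget = ""
End If

If strTarget <> "" Then
    Server.Execute strTarget
Else
    ' Unknown name: run nothing, and encode the value before echoing it.
    Response.Status = "404 Not Found"
    Response.Write "Unknown page: " & Server.HTMLEncode(strPage)
End If

Set dictPages = Nothing
%>
```

Because no branch builds a path from the request, the character stripping is no longer needed, and the only place the raw value is output goes through Server.HTMLEncode.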

SkIpErMan (Newbie), posted 28 June 2008 at 1:12am:
Thanks for your reply!
 
I have worked hard on my site for 9-10 months. Still learning and don't know everything. It's just school code, examples, my own ideas, friends and a teacher. Have some learning skill from Pascal that helps me to think like if, else and some mathematics.

I have checked the Web Wiz Forum code to see how it's built. It is professionally coded, looks nice and it is clean. It's very different from my school coding and hard for me to follow because I don't understand everything. But it's good to see how pros do the code, it gives a lot!

Have some session, cupadmins, clanleader, trustee and have written special code for this. Also the gaming cup has lots of code that is special. I am still learning how to encrypt and solve some problems.

I am still interested in Web Wiz forum, but as usual, everyone just wants to log in once. I do know your API. I have to learn your system first to see how I could rebuild my system. And the database, have some important login issues that I need for the cups!

I really need to fix these issues (login, database, session, admin) so they fit in together and the site can go online.

Have found a good site about SHA-1, salt with low learning skill so I'm testing and rebuilding my site. I don't know what code I am looking for. Have to check and learn before I have questions!

So I'm building and rebuilding with Web Wiz Forum in mind!
 
Best regards
 
/ SkIpErMan
 
 
 
 