Location
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=15373
Printed Date: 13 April 2026 at 6:45am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Location
Posted By: deathchaoz
Subject: Location
Date Posted: 06 June 2005 at 12:13am
| Someone changed their location to their name on the web wiz forum I use, How could they have done it? |
Replies:
Posted By: sfd19
Date Posted: 06 June 2005 at 7:35am
|
By manipulating the form submission on register.asp To prevent it you must add a check that the submitted country matches one of your list. Also, you should seriously warn that user. ------------- Politics, economy & social issues: http://www.studentsfordemocracy.net - StudentsforDemocracy.net |
Posted By: dj air
Date Posted: 06 June 2005 at 8:19am
|
this can be seen as a security hole. i'll let boRg know about this |
Posted By: deathchaoz
Date Posted: 06 June 2005 at 10:15am
Happen to be able to tell me how? |
sfd19 wrote:Posted By: sfd19
Date Posted: 06 June 2005 at 4:47pm
|
You would have add a table to the database and put all country names in
it. Then you had to change the country submission form on register.asp.
Plus, plus, plus,..,.. I doubt that it's worth the time since unlike dj air I do not see it as a security hole. The country gets checked for invalid tags and SQL injection, so there won't be a problem with it. Warn the user and if he does it again, ban him. As a user, you need to have some knowledge to manipulate the form submission, so that problem will not occur very often, if it does ever happen again at all. ------------- Politics, economy & social issues: http://www.studentsfordemocracy.net - StudentsforDemocracy.net |
Posted By: dpyers
Date Posted: 06 June 2005 at 10:15pm
|
One way of doing it is to copy source to your pc, make whatever changes tou want to dropdowns, and run the source from your pc.
Form handlers however should check that the http_referrer they get is from their domain. ------------- 
Lead me not into temptation... I know the short cut, follow me. |
Posted By: WebWiz-Bruce
Date Posted: 07 June 2005 at 9:48am
|
This isn't really a security whole, in fact I have done it myself using standard Firefox plugins. The country drop down doesn't check if the country entered is in the list as user may change the list or even change it to a text field and let the users type their own country in. Instead to keep security the country that the users enters is run through security filters to filter out an malicious code that the user may try and enter. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |