This Forum Software Can Be Very Programmer Hostile
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=28736
Printed Date: 28 March 2026 at 12:37pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: This Forum Software Can Be Very Programmer Hostile
Posted By: Coco Brown
Date Posted: 26 July 2010 at 4:19pm
It's great that such attention is taken to security. However, I run a small forum that caters to C++ programmers who develop plugins for our company's application. As a result, there are a lot of code fragments posted that trip these security filters.
For example, searching on "MSG_UPDATE", a standard command in our proprietary scripting language, will trip an SQL Injection warning. The CODE tag does not stop the forum from formatting something like:
The above was an array with an index of "i", but you can see it went ahead and treated it like the BBcode for italicizing.
Just a heads up.
Replies:
Posted By: Coco Brown
Date Posted: 26 July 2010 at 4:59pm
And I tested the _SELECT bit on this forum and I got:
Server Error in Forum Application
WARNING: SQL Injection attack detected. Please contact the Forum Administrator.
Support Error Code:- err_SQLServer_SqlInjectionTest()
File Name:- functions_common.asp
Forum Version:- 10 alpha build 20091210
Error details:-
Try it. Do a search on "_select". When you get the results click on "View Topic" on any result. You will get the above error message.
As I said, not very friendly to searching out code.
Posted By: WebWiz-Bruce
Date Posted: 27 July 2010 at 9:40am
Will look into this and get a fix.
The _select one you mention in your second post has been fixed for the latest 9.x version.
-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting
Posted By: WebWiz-Bruce
Date Posted: 27 July 2010 at 2:10pm
The issue appears to be with the underscore _ due to URL encoding.
You can fix this issue by editing the file forum_posts.asp and adding the line below at line 183:-
'Decode URL underscore to prevent keyword search issues
strPageQueryString = Replace(strPageQueryString, "%5F", "_")
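An added example, not Web Wiz Forums code and not written by anyone in this thread: a hypothetical keyword blocklist trips on the two search terms reported above, while a search that URL-decodes the term once and binds it as a query parameter handles them with no keyword check. The table, sample posts and function names are assumptions constructed for illustration, and SQLite stands in for the forum's database.

```python
import re
import sqlite3
from urllib.parse import unquote

# Hypothetical keyword blocklist; NOT the forum's actual filter.
SQL_KEYWORDS = re.compile(r"select|update|insert|delete|drop|union", re.I)

def keyword_filter_trips(term):
    """True when the blocklist would reject this search term."""
    return bool(SQL_KEYWORDS.search(term))

def like_pattern(term):
    """Escape LIKE wildcards so '_' and '%' in code match literally."""
    for ch in ("\\", "%", "_"):
        term = term.replace(ch, "\\" + ch)
    return "%" + term + "%"

def search_posts(conn, raw_value):
    """Decode the query-string value once, then bind it as a parameter."""
    term = unquote(raw_value)  # "%5Fselect" -> "_select"
    rows = conn.execute(
        "SELECT id FROM posts WHERE body LIKE ? ESCAPE '\\' ORDER BY id",
        (like_pattern(term),),
    )
    return [row[0] for row in rows]

def make_demo_db():
    """In-memory table with constructed sample posts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", [
        (1, "SendMessage(hwnd, MSG_UPDATE, 0);"),
        (2, "int n = list_select(items[i]);"),
        (3, "Please reselect the layer after the MSG UPDATE step."),
    ])
    return conn

if __name__ == "__main__":
    conn = make_demo_db()
    for value in ("MSG_UPDATE", "%5Fselect", "' OR '1'='1"):
        print(repr(value), "blocklist trips:", keyword_filter_trips(unquote(value)),
              "matching posts:", search_posts(conn, value))
```

Post 3 is there to exercise the escaping: without the ESCAPE clause, the `_` in either search term would act as a single-character LIKE wildcard and match it.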