Security holes (No support email?)
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=6275
Posted By: Enos Shenk
Date Posted: 09 October 2003 at 12:08am
Hiya,
I'm a user on another forum that runs this software, and some friends and
I discovered some nasty security holes in version 6.34. I'm just
attempting to let anyone responsible know. For obvious reasons I'm not
about to post how to do these, but we managed to:
- Post in locked threads
- Post in rank-restricted forums
- View Moderator-Only forums and threads
- and post in the above Moderator-Only threads.
I emailed the folks in charge on the other forum, which is
http://www.tippmann.com, and I figured I should come here and email this
to any bug report or support address. Unfortunately I see the author
has removed any address from this site. Hm.
A little shocked to see version 7.5 and tippmann is running 6.34, so I'm
hoping these issues were most likely detected long ago and fixed.
If not, anyone responsible for development on this forum that's
interested, just drop a note here with some email address and I'll send
along a file I made of how these holes were exploited.
Replies:
Posted By: WebWiz-Bruce
Date Posted: 09 October 2003 at 3:55am
These are all known issues with versions below version 7 beta 1 of the software.
All of these were fixed more than a year ago with the release of version 7.x of Web Wiz Forums.
In version 7.x of Web Wiz Forums, new, more powerful security options
have been set for forums, along with a different way of detecting which forum
the user is in and their user group.
When topics are loaded, they are now backwardly checked in the ASP code
to see which forum they are part of before checking permissions, instead of
relying on querystrings as in 6.x of the forum, which could be
changed to fool the file into getting permissions for the wrong forum
for that topic.
-------------
Web Wiz Forums Hosting - https://www.webwiz.net/web-wiz-forums/forum-hosting.htm
ASP.NET Web Hosting - https://www.webwiz.net/web-hosting/windows-web-hosting.htm
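The check WebWiz-Bruce describes above, as an added example that is not part of the thread and is not Web Wiz Forums code: a Python/SQLite model that compares taking permissions from a client-supplied forum id with looking up the topic's own forum first. The schema, the `FID` parameter name and the numeric group levels are assumptions made for illustration; only `TID` appears in this page's URL.

```python
import sqlite3

def make_db():
    """Constructed sample data: forum 1 is public, forum 2 is moderators only."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE forum (forum_id INTEGER PRIMARY KEY, min_group INTEGER);
        CREATE TABLE topic (topic_id INTEGER PRIMARY KEY, forum_id INTEGER);
        INSERT INTO forum VALUES (1, 0), (2, 5);
        INSERT INTO topic VALUES (10, 1), (20, 2);
    """)
    return db

def topic_forum(db, topic_id):
    """Return (forum_id, min_group) for the forum the topic really belongs to."""
    return db.execute(
        "SELECT f.forum_id, f.min_group FROM topic t "
        "JOIN forum f ON f.forum_id = t.forum_id WHERE t.topic_id = ?",
        (topic_id,)).fetchone()

def can_read_querystring_fid(db, user_group, query):
    """Weak pattern (as described for 6.x): permissions come from the FID the
    client sent, so they can be the permissions of a different forum."""
    row = db.execute("SELECT min_group FROM forum WHERE forum_id = ?",
                     (query["FID"],)).fetchone()
    return row is not None and user_group >= row[0]

def can_read_topic_lookup(db, user_group, query):
    """Hardened pattern (as described for 7.x): resolve the topic to its own
    forum on the server, then check permissions for that forum only."""
    row = topic_forum(db, query["TID"])
    return row is not None and user_group >= row[1]

def fid_mismatch(db, query):
    """Detection aid: True when a supplied FID disagrees with the topic's real
    forum, which is worth logging as a possible tampering attempt."""
    row = topic_forum(db, query["TID"])
    return row is not None and "FID" in query and query["FID"] != row[0]

if __name__ == "__main__":
    db = make_db()
    tampered = {"TID": 20, "FID": 1}   # constructed request: moderator topic, public FID
    print("querystring check allows:", can_read_querystring_fid(db, 1, tampered))
    print("topic lookup allows:     ", can_read_topic_lookup(db, 1, tampered))
    print("FID mismatch flagged:    ", fid_mismatch(db, tampered))
```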
Posted By: WebWiz-Bruce
Date Posted: 09 October 2003 at 4:10am
There are quite a few other issues, so it is recommended that all
users upgrade to the latest version, as there are more security
holes in version 6.x than just those you have mentioned.
Reasons to upgrade from 6.x to 7.5 are:-
- Improved security
- Improved performance by over 500% of some files
- Improved malicious code filters
- 160-bit encryption of passwords with salt value to prevent hackers getting hold of admin passwords etc.
- Improved SQL injection measures and filters
- Anti-spam remote robot attack/spamming measures
- Security graphic images for new registration and login to prevent remote attacks
- Session IDs checked to prevent remote attacks
- All Form/QueryString and user input checked for malicious code input
- IP banning and email domain banning
- More powerful security options for forums
These are just a few of the security improvements between version 6.x and 7.5 of Web Wiz Forums.
-------------
Web Wiz Forums Hosting - https://www.webwiz.net/web-wiz-forums/forum-hosting.htm
ASP.NET Web Hosting - https://www.webwiz.net/web-hosting/windows-web-hosting.htm