Web Wiz - Green Windows Web Hosting


Security Hole

pig killer (Newbie)
Joined: 27 July 2003
Posted: 27 July 2003 at 11:16am

Hi! I want to purchase a license for your forum. Can I expect that, if security holes are found in Web Wiz forum, you will fix them promptly? (For example, http://forums.webwiz.net/forum_posts.asp?TID=2271 still works.)

pig killer (Newbie)
Posted: 27 July 2003 at 12:40pm

Hi again!

New bug:

When I post a reply message with mode=quote, the forum does not check permissions on the forum, so I can post and read messages in any forum!

pig killer (Newbie)
Posted: 27 July 2003 at 10:12pm

Hi.

Solution for security hole in post_message_form.asp:

1. ..................
If strMode = "quote" Then
'#####################   Changes: check permission to topic
'Query the database
rsCommon.Open strSQL, adoCon
   If NOT rsCommon.EOF Then    
'##################### ...
        'Get the number this thread is after
        intTotalNumOfThreads = Request.QueryString("NOP")
       
        'Get the return thread page
        intRecordPositionPageNum = Request.QueryString("TPN")

        'Get the message from the database
       
        'Initialise the sql query to get the thread details to be quoted
        strSQL = "SELECT " & strDbTable & "Author.Author_ID, " & strDbTable & "Author.Username, " & strDbTable & "Thread.Message "
        strSQL = strSQL & "FROM " & strDbTable & "Thread INNER JOIN " & strDbTable & "Author ON " & strDbTable & "Thread.Author_ID = " & strDbTable & "Author.Author_ID "
        strSQL = strSQL & "WHERE " & strDbTable & "Thread.Thread_ID = " & CLng(Request.QueryString("PID"))
'######################### Changes - close database connection

'Reset server object
rsCommon.Close
.........
END IF
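
The flaw reported in this thread, a quoted post selected by its ID alone with no check of the reader's permission on the containing forum, is modelled below next to a lookup that enforces that permission. This is an added example, not Web Wiz Forums code and not the poster's patch; the schema, table names, group numbers and function names are hypothetical, the sample rows are constructed, and only the read side of the issue is covered.

```python
import sqlite3

def build_db():
    """Constructed sample data: one public forum and one staff-only forum.
    Hypothetical schema; group 1 = ordinary members, group 2 = staff."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE forum  (forum_id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE topic  (topic_id INTEGER PRIMARY KEY, forum_id INTEGER);
        CREATE TABLE thread (thread_id INTEGER PRIMARY KEY, topic_id INTEGER,
                             author TEXT, message TEXT);
        CREATE TABLE perm   (forum_id INTEGER, group_id INTEGER, can_read INTEGER);
        INSERT INTO forum  VALUES (1, 'General'), (2, 'Staff only');
        INSERT INTO topic  VALUES (10, 1), (20, 2);
        INSERT INTO thread VALUES (100, 10, 'alice', 'hello'),
                                  (200, 20, 'admin', 'internal note');
        INSERT INTO perm   VALUES (1, 1, 1), (2, 1, 0), (1, 2, 1), (2, 2, 1);
    """)
    return db

def quote_unchecked(db, pid):
    """Flawed shape: the post to quote is selected by its ID alone,
    so the caller's forum permissions never enter the decision."""
    return db.execute(
        "SELECT author, message FROM thread WHERE thread_id = ?",
        (int(pid),)).fetchone()

def quote_checked(db, group_id, pid):
    """Checked shape: the lookup succeeds only if the caller's group
    may read the forum that contains the post being quoted."""
    row = db.execute("""
        SELECT th.author, th.message
        FROM thread th
        JOIN topic t ON t.topic_id = th.topic_id
        JOIN perm  p ON p.forum_id = t.forum_id
        WHERE th.thread_id = ? AND p.group_id = ? AND p.can_read = 1
    """, (int(pid), int(group_id))).fetchone()
    if row is None:
        # Same error for "no such post" and "not allowed", so the
        # response does not reveal whether a restricted post exists.
        raise PermissionError("post not found or not readable by this group")
    return row
```

Deriving the forum from the post on the server side, rather than trusting a forum ID sent in the request, is what keeps the check tied to the post actually being quoted.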

 


Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

