UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#3749 - 11/28/02 01:33 PM Known bugs or other stuff about Snitz Forum 2000?
AlienTerror Offline
Member

Registered: 09/10/02
Posts: 129
Loc: Sweden
I just want to know if there are any bugs in that Snitz forum, and if there is any "backdoors" thrue blocks??

I want a safe forum on my site and i'm doing some research if my teacher is right this should be a safe forum? [snowboard]

In other words i would like to know if i can stop ppl getting thrue blocks on forums?
(if it's possible to get thrue a block)
_________________________
*ZmaJL*

Top
Sponsored Links
      
#3750 - 11/30/02 08:01 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Le4rner Offline
UGN Supporter

Registered: 03/05/02
Posts: 562
A secure BBS... ha ha ha

Any BBS will have holes and back doors man. Check it out.

http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=1;t=000265

this is the URL for this topic.

you have the normal URL

http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi

then the command stuff

This command say get topic, as opposed to post or delete or whatever other commands there are
?ubb=get_topic;

This say forum 1. I imagine the forum below this is forum 2
f=1;

Topic number 265
t=000265

Now if someone was to play with your URL long enough I am sure they could get somewhere they aren't supposed to be. Well with some skill.

Just make sure Passwords are encrypted and you exersise all security options you can. Also visit their site often and look for security updates.
_________________________
http://promodtecnologies.com/rrfn

Top
#3751 - 11/30/02 10:22 PM Re: Known bugs or other stuff about Snitz Forum 2000?
BackSlash Offline
UGN's Resident Homo

Registered: 03/16/02
Posts: 599
Loc: TN
i got around a e-learning site doin that once, i saw that the free sample lesson was something like /course=1 so i tried putting in 2 and 3 and so forth, and got access to the full course.
_________________________
"It's better to burn out, than to fade away."

Top
#3752 - 11/30/02 10:46 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
There is no forum 2 lol... Go try it :x...
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top
#3753 - 11/30/02 11:02 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Le4rner Offline
UGN Supporter

Registered: 03/05/02
Posts: 562
heh, cute. Deleted on when putting this puppy up hu?
_________________________
http://promodtecnologies.com/rrfn

Top
#3754 - 12/01/02 02:35 PM Re: Known bugs or other stuff about Snitz Forum 2000?
AlienTerror Offline
Member

Registered: 09/10/02
Posts: 129
Loc: Sweden
anyone else who knows a bi more about this??
because i've tryed at my teachers forum (with his allowence of course) and i did just get to the "default page" the page wich includes all the forums. =) but that's good then or it maybe is another system/commandoes with the UBB to that page?
_________________________
*ZmaJL*

Top
#3755 - 12/01/02 10:45 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Le4rner Offline
UGN Supporter

Registered: 03/05/02
Posts: 562
each board will be a bit different. post an example URL of the main board then 1 level deeper etc etc etc. and I will break it down for you.
_________________________
http://promodtecnologies.com/rrfn

Top
#3756 - 12/02/02 05:55 PM Re: Known bugs or other stuff about Snitz Forum 2000?
AlienTerror Offline
Member

Registered: 09/10/02
Posts: 129
Loc: Sweden
http://www.brunns-skola.org/piren/forum/default.asp

breaking it down is not the main reason to this topic, but i'm more curios about the systems.

Besides that adress leads to an adress that you need to be logged on to, the forum is no prob to register in but the page is, it aint something u can register on the net. But good luck any way=)

And i who thought that UBB was some good piece of shit=(
_________________________
*ZmaJL*

Top
#3757 - 12/02/02 07:50 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Le4rner Offline
UGN Supporter

Registered: 03/05/02
Posts: 562
Okay,

These forums are writen in ASP, Active Server Pages.

UBB is writen in Perl.

ASP is a microsoft server side scripting language. To find out how secure your forums are I would first learn ASP. Then study the code and look at how variables are passed. Now read any and all security bullitens dealing with ASP and Snitz Forums 2000.

Sometimes a language will comeout with a exploit in how variables are passed. That could and usally is a big hole in security on boards.

Second the Logon and password, how are they sent to the server? Is SSL used for the connection, or is is plain text all the way to the server. That is a big weakness.

Break down

http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

Root directory of the site
http://www.brunns-skola.org

Some blank page, Little html/javascript code to make it.
http://www.brunns-skola.org/piren
Code:
<link rel="stylesheet" href="stil.css" type="text/css">

<script language="JavaScript" src="bada.asp?id=1"></script>
Root directory of the Board
http://www.brunns-skola.org/piren/forum

This seems to actually include default.asp
you can get to the same page using both the below URLS
http://www.brunns-skola.org/piren/forum/forum.asp
http://www.brunns-skola.org/piren/forum/default.asp

This opens the Elever - diskussion forum, which was the 5th forum the web master created. Hence Forum_ID=5
http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

I hope I am helping.
_________________________
http://promodtecnologies.com/rrfn

Top
#3758 - 12/03/02 10:37 AM Re: Known bugs or other stuff about Snitz Forum 2000?
AlienTerror Offline
Member

Registered: 09/10/02
Posts: 129
Loc: Sweden
Thx, for the info. Too bad it's a bit to advanced for me but i'll try to learn som ASP then as u said...
_________________________
*ZmaJL*

Top
#3759 - 12/04/02 07:52 AM Re: Known bugs or other stuff about Snitz Forum 2000?
AlienTerror Offline
Member

Registered: 09/10/02
Posts: 129
Loc: Sweden
Anyone who knows any good ASP docs then???
_________________________
*ZmaJL*

Top
#3760 - 12/04/02 10:12 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
I for one find ASP to be completely useless and worthless lol... I'd reccommend you learning PHP if anything.
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top
#3761 - 12/04/02 02:24 PM Re: Known bugs or other stuff about Snitz Forum 2000?
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
I want to learn ASP as well. I'm not a big fan of Microcrooks, but I would like to be familar with the .net frame work.

AlienTerror I will see if I can find a few sites, if I do I will post them here. There are many boards out there is other languages though. ASP is not free, and harder to learn. As Gizmo pointed out PHP would be nice for you to learn. It is free, easy, fun, and very useful on the net.

I for one still want to learn ASP though.
_________________________
My New site OpenEyes

Top
#3762 - 12/04/02 05:34 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
::nod:: aka, useless lol... ASP isn't that hard, its about as hard as using SHTML lol...
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top

Moderator:  Infinite 
Featured Member
Registered: 08/22/14
Posts: 1
Forum Stats
2148 Members
46 Forums
35109 Topics
70279 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 28271
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Tim050, Gecko666, defghi795767, Devo60, ali
2148 Registered Users
Who's Online
0 registered (), 425 Guests and 283 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!