Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#3749 - 11/28/02 06:33 PM Known bugs or other stuff about Snitz Forum 2000?  
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror  Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
I just want to know if there are any bugs in that Snitz forum, and if there is any "backdoors" thrue blocks??

I want a safe forum on my site and i'm doing some research if my teacher is right this should be a safe forum? [snowboard]

In other words i would like to know if i can stop ppl getting thrue blocks on forums?
(if it's possible to get thrue a block)


*ZmaJL*
Sponsored Links
#3750 - 12/01/02 01:01 AM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner  Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
A secure BBS... ha ha ha

Any BBS will have holes and back doors man. Check it out.

http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=1;t=000265

this is the URL for this topic.

you have the normal URL

http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi

then the command stuff

This command say get topic, as opposed to post or delete or whatever other commands there are
?ubb=get_topic;

This say forum 1. I imagine the forum below this is forum 2
f=1;

Topic number 265
t=000265

Now if someone was to play with your URL long enough I am sure they could get somewhere they aren't supposed to be. Well with some skill.

Just make sure Passwords are encrypted and you exersise all security options you can. Also visit their site often and look for security updates.

#3751 - 12/01/02 03:22 AM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Mar 2002
Posts: 599
BackSlash Offline
UGN's Resident Homo
BackSlash  Offline
UGN's Resident Homo

Joined: Mar 2002
Posts: 599
TN
i got around a e-learning site doin that once, i saw that the free sample lesson was something like /course=1 so i tried putting in 2 and 3 and so forth, and got access to the full course.


"It's better to burn out, than to fade away."
#3752 - 12/01/02 03:46 AM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
There is no forum 2 lol... Go try it :x...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#3753 - 12/01/02 04:02 AM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner  Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
heh, cute. Deleted on when putting this puppy up hu?

Sponsored Links
#3754 - 12/01/02 07:35 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror  Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
anyone else who knows a bi more about this??
because i've tryed at my teachers forum (with his allowence of course) and i did just get to the "default page" the page wich includes all the forums. =) but that's good then or it maybe is another system/commandoes with the UBB to that page?


*ZmaJL*
#3755 - 12/02/02 03:45 AM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner  Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
each board will be a bit different. post an example URL of the main board then 1 level deeper etc etc etc. and I will break it down for you.

#3756 - 12/02/02 10:55 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror  Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
http://www.brunns-skola.org/piren/forum/default.asp

breaking it down is not the main reason to this topic, but i'm more curios about the systems.

Besides that adress leads to an adress that you need to be logged on to, the forum is no prob to register in but the page is, it aint something u can register on the net. But good luck any way=)

And i who thought that UBB was some good piece of shit=(


*ZmaJL*
#3757 - 12/03/02 12:50 AM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner  Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
Okay,

These forums are writen in ASP, Active Server Pages.

UBB is writen in Perl.

ASP is a microsoft server side scripting language. To find out how secure your forums are I would first learn ASP. Then study the code and look at how variables are passed. Now read any and all security bullitens dealing with ASP and Snitz Forums 2000.

Sometimes a language will comeout with a exploit in how variables are passed. That could and usally is a big hole in security on boards.

Second the Logon and password, how are they sent to the server? Is SSL used for the connection, or is is plain text all the way to the server. That is a big weakness.

Break down

http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

Root directory of the site
http://www.brunns-skola.org

Some blank page, Little html/javascript code to make it.
http://www.brunns-skola.org/piren
Code:
<link rel="stylesheet" href="stil.css" type="text/css">

<script language="JavaScript" src="bada.asp?id=1"></script>
Root directory of the Board
http://www.brunns-skola.org/piren/forum

This seems to actually include default.asp
you can get to the same page using both the below URLS
http://www.brunns-skola.org/piren/forum/forum.asp
http://www.brunns-skola.org/piren/forum/default.asp

This opens the Elever - diskussion forum, which was the 5th forum the web master created. Hence Forum_ID=5
http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

I hope I am helping.

#3758 - 12/03/02 03:37 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror  Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
Thx, for the info. Too bad it's a bit to advanced for me but i'll try to learn som ASP then as u said...


*ZmaJL*
Sponsored Links
#3759 - 12/04/02 12:52 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror  Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
Anyone who knows any good ASP docs then???


*ZmaJL*
#3760 - 12/04/02 03:12 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
I for one find ASP to be completely useless and worthless lol... I'd reccommend you learning PHP if anything.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#3761 - 12/04/02 07:24 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå×  Offline


Joined: Dec 2002
Posts: 3,255
Likes: 1
Maryland
I want to learn ASP as well. I'm not a big fan of Microcrooks, but I would like to be familar with the .net frame work.

AlienTerror I will see if I can find a few sites, if I do I will post them here. There are many boards out there is other languages though. ASP is not free, and harder to learn. As Gizmo pointed out PHP would be nice for you to learn. It is free, easy, fun, and very useful on the net.

I for one still want to learn ASP though.

#3762 - 12/04/02 10:34 PM Re: Known bugs or other stuff about Snitz Forum 2000?  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
::nod:: aka, useless lol... ASP isn't that hard, its about as hard as using SHTML lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner

Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,195
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics46,824
Posts81,994
Average Daily Posts10
Members2,159
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 39,988
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
Ghost Likes: 1
Gremelin Likes: 4
Ice Likes: 1
unreal Likes: 1
Top Liked Users (30 Days)
No Data Found
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20160902)