Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
May
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#3749 - 11/28/02 06:33 PM Known bugs or other stuff about Snitz Forum 2000?
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
I just want to know if there are any bugs in that Snitz forum, and if there is any "backdoors" thrue blocks??

I want a safe forum on my site and i'm doing some research if my teacher is right this should be a safe forum? [snowboard]

In other words i would like to know if i can stop ppl getting thrue blocks on forums?
(if it's possible to get thrue a block)


*ZmaJL*
Top
Sponsored Links
#3750 - 12/01/02 01:01 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
A secure BBS... ha ha ha

Any BBS will have holes and back doors man. Check it out.

http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=1;t=000265

this is the URL for this topic.

you have the normal URL

http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi

then the command stuff

This command say get topic, as opposed to post or delete or whatever other commands there are
?ubb=get_topic;

This say forum 1. I imagine the forum below this is forum 2
f=1;

Topic number 265
t=000265

Now if someone was to play with your URL long enough I am sure they could get somewhere they aren't supposed to be. Well with some skill.

Just make sure Passwords are encrypted and you exersise all security options you can. Also visit their site often and look for security updates.

Top
#3751 - 12/01/02 03:22 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Mar 2002
Posts: 599
BackSlash Offline
UGN's Resident Homo
BackSlash Offline
UGN's Resident Homo

Joined: Mar 2002
Posts: 599
TN
i got around a e-learning site doin that once, i saw that the free sample lesson was something like /course=1 so i tried putting in 2 and 3 and so forth, and got access to the full course.


"It's better to burn out, than to fade away."
Top
#3752 - 12/01/02 03:46 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
There is no forum 2 lol... Go try it :x...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#3753 - 12/01/02 04:02 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
heh, cute. Deleted on when putting this puppy up hu?

Top
#3754 - 12/01/02 07:35 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
anyone else who knows a bi more about this??
because i've tryed at my teachers forum (with his allowence of course) and i did just get to the "default page" the page wich includes all the forums. =) but that's good then or it maybe is another system/commandoes with the UBB to that page?


*ZmaJL*
Top
#3755 - 12/02/02 03:45 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
each board will be a bit different. post an example URL of the main board then 1 level deeper etc etc etc. and I will break it down for you.

Top
#3756 - 12/02/02 10:55 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
http://www.brunns-skola.org/piren/forum/default.asp

breaking it down is not the main reason to this topic, but i'm more curios about the systems.

Besides that adress leads to an adress that you need to be logged on to, the forum is no prob to register in but the page is, it aint something u can register on the net. But good luck any way=)

And i who thought that UBB was some good piece of shit=(


*ZmaJL*
Top
#3757 - 12/03/02 12:50 AM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
Okay,

These forums are writen in ASP, Active Server Pages.

UBB is writen in Perl.

ASP is a microsoft server side scripting language. To find out how secure your forums are I would first learn ASP. Then study the code and look at how variables are passed. Now read any and all security bullitens dealing with ASP and Snitz Forums 2000.

Sometimes a language will comeout with a exploit in how variables are passed. That could and usally is a big hole in security on boards.

Second the Logon and password, how are they sent to the server? Is SSL used for the connection, or is is plain text all the way to the server. That is a big weakness.

Break down

http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

Root directory of the site
http://www.brunns-skola.org

Some blank page, Little html/javascript code to make it.
http://www.brunns-skola.org/piren
Code:
<link rel="stylesheet" href="stil.css" type="text/css">

<script language="JavaScript" src="bada.asp?id=1"></script>
Root directory of the Board
http://www.brunns-skola.org/piren/forum

This seems to actually include default.asp
you can get to the same page using both the below URLS
http://www.brunns-skola.org/piren/forum/forum.asp
http://www.brunns-skola.org/piren/forum/default.asp

This opens the Elever - diskussion forum, which was the 5th forum the web master created. Hence Forum_ID=5
http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

I hope I am helping.

Top
#3758 - 12/03/02 03:37 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
Thx, for the info. Too bad it's a bit to advanced for me but i'll try to learn som ASP then as u said...


*ZmaJL*
Top
#3759 - 12/04/02 12:52 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Sep 2002
Posts: 129
AlienTerror Offline
Member
AlienTerror Offline
Member

Joined: Sep 2002
Posts: 129
Sweden
Anyone who knows any good ASP docs then???


*ZmaJL*
Top
#3760 - 12/04/02 03:12 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
I for one find ASP to be completely useless and worthless lol... I'd reccommend you learning PHP if anything.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#3761 - 12/04/02 07:24 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå× Offline



Joined: Dec 2002
Posts: 3,255
Maryland
I want to learn ASP as well. I'm not a big fan of Microcrooks, but I would like to be familar with the .net frame work.

AlienTerror I will see if I can find a few sites, if I do I will post them here. There are many boards out there is other languages though. ASP is not free, and harder to learn. As Gizmo pointed out PHP would be nice for you to learn. It is free, easy, fun, and very useful on the net.

I for one still want to learn ASP though.


My New site OpenEyes
Top
#3762 - 12/04/02 10:34 PM Re: Known bugs or other stuff about Snitz Forum 2000?
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
::nod:: aka, useless lol... ASP isn't that hard, its about as hard as using SHTML lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics45,543
Posts80,711
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 38,707
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 3 guests and 1 spider.
Latest News