Re: [WebDNA] WebDNA code displaying on page

This WebDNA talk-list message is from

2012


Brilliant idea. Already running mod_rewrite globally so quick and easy. Thanks.


On Dec 12, 2012, at 1:20 PM, Steve Raslevich <WebDNA@northernsoundandlight.com> wrote:



I addressed the &!=

by placing:

RewriteEngine on
RewriteCond %{QUERY_STRING} \!
RewriteRule . - [F]

in an .htaccess file in the site's root directory

Michael Davis wrote:
I have one server running 6.2 also.  The script below works well as a pre-parse script, except in the case of the exclamation mark.  By adding &!= to the end of a URL I can cause my WebDNA server to stop running momentarily.  Can anyone else confirm this on a 6.2 install?


On Dec 12, 2012, at 12:26 PM, Steve Raslevich <WebDNA@northernsoundandlight.com> wrote:

Thanks everyone.

Adding the redirects to the pre-parse script did the trick

Daniel Meola wrote:
Sorry about that, delete the first [/!]

It is the exact code I use, but part of a larger file.

Daniel Meola



On Wed, Dec 12, 2012 at 2:56 PM, Steve Raslevich <WebDNA@northernsoundandlight.com> wrote:
Hi Dan,

Thanks for the code. Is this the exact code you are using?  I pasted it into the top of a template and am getting this at the top of the page:

Error: Error: expected [/FUNCTIONSPACE], but found [/!] instead[/!]


Thanks,
Steve

Daniel Meola wrote:
You include this at the top of all pages:


[/!][!]Prevent tag hacking[/!][!]
[/!][!]--- START: to plug up the security hole of when URL hacker passes a webdna context name as a formvar---[/!][!]
[/!][formvariables name=!][redirect /][/formvariables][!]
[/!][formvariables name=addfields][redirect /][/formvariables][!]
[/!][formvariables name=addlineitem][redirect /][/formvariables][!]
[/!][formvariables name=append][redirect /][/formvariables][!]
[/!][formvariables name=appendfile][redirect /][/formvariables][!]
[/!][formvariables name=applescript][redirect /][/formvariables][!]
[/!][formvariables name=arrayget][redirect /][/formvariables][!]
[/!][formvariables name=arrayset][redirect /][/formvariables][!]
[/!][formvariables name=authenticate][redirect /][/formvariables][!]
[/!][formvariables name=boldwords][redirect /][/formvariables][!]
[/!][formvariables name=browsername][redirect /][/formvariables][!]
[/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!]
[/!][formvariables name=capitalize][redirect /][/formvariables][!]
[/!][formvariables name=case][redirect /][/formvariables][!]
[/!][formvariables name=clearlineitems][redirect /][/formvariables][!]
[/!][formvariables name=closedatabase][redirect /][/formvariables][!]
[/!][formvariables name=command][redirect /][/formvariables][!]
[/!][formvariables name=commitdatabase][redirect /][/formvariables][!]
[/!][formvariables name=convertchars][redirect /][/formvariables][!]
[/!][formvariables name=convertwords][redirect /][/formvariables][!]
[/!][formvariables name=copyfile][redirect /][/formvariables][!]
[/!][formvariables name=copyfolder][redirect /][/formvariables][!]
[/!][formvariables name=countchars][redirect /][/formvariables][!]
[/!][formvariables name=countwords][redirect /][/formvariables][!]
[/!][formvariables name=createfolder][redirect /][/formvariables][!]
[/!][formvariables name=date][redirect /][/formvariables][!]
[/!][formvariables name=ddeconnect][redirect /][/formvariables][!]
[/!][formvariables name=ddesend][redirect /][/formvariables][!]
[/!][formvariables name=decrypt][redirect /][/formvariables][!]
[/!][formvariables name=delete][redirect /][/formvariables][!]
[/!][formvariables name=deletefile][redirect /][/formvariables][!]
[/!][formvariables name=deletefolder][redirect /][/formvariables][!]
[/!][formvariables name=dos][redirect /][/formvariables][!]
[/!][formvariables name=elapsedtime][redirect /][/formvariables][!]
[/!][formvariables name=else][redirect /][/formvariables][!]
[/!][formvariables name=encrypt][redirect /][/formvariables][!]
[/!][formvariables name=exclusivelock][redirect /][/formvariables][!]
[/!][formvariables name=filecompare][redirect /][/formvariables][!]
[/!][formvariables name=fileinfo][redirect /][/formvariables][!]
[/!][formvariables name=findstring][redirect /][/formvariables][!]
[/!][formvariables name=flushcache][redirect /][/formvariables][!]
[/!][formvariables name=flushdatabases][redirect /][/formvariables][!]
[/!][formvariables name=format][redirect /][/formvariables][!]
[/!][formvariables name=formvariables][redirect /][/formvariables][!]
[/!][formvariables name=founditems][redirect /][/formvariables][!]
[/!][formvariables name=freememory][redirect /][/formvariables][!]
[/!][formvariables name=function][redirect /][/formvariables][!]
[/!][formvariables name=getchars][redirect /][/formvariables][!]
[/!][formvariables name=getcookie][redirect /][/formvariables][!]
[/!][formvariables name=getmimeheader][redirect /][/formvariables][!]
[/!][formvariables name=grep][redirect /][/formvariables][!]
[/!][formvariables name=hideif][redirect /][/formvariables][!]
[/!][formvariables name=html1][redirect /][/formvariables][!]
[/!][formvariables name=html2][redirect /][/formvariables][!]
[/!][formvariables name=html3][redirect /][/formvariables][!]
[/!][formvariables name=httpmethod][redirect /][/formvariables][!]
[/!][formvariables name=if][redirect /][/formvariables][!]
[/!][formvariables name=include][redirect /][/formvariables][!]
[/!][formvariables name=input][redirect /][/formvariables][!]
[/!][formvariables name=interpret][redirect /][/formvariables][!]
[/!][formvariables name=ipaddress][redirect /][/formvariables][!]
[/!][formvariables name=issecureclient][redirect /][/formvariables][!]
[/!][formvariables name=lastautonumber][redirect /][/formvariables][!]
[/!][formvariables name=lastrandom][redirect /][/formvariables][!]
[/!][formvariables name=lineitems][redirect /][/formvariables][!]
[/!][formvariables name=listchars][redirect /][/formvariables][!]
[/!][formvariables name=listcookies][redirect /][/formvariables][!]
[/!][formvariables name=listdatabases][redirect /][/formvariables][!]
[/!][formvariables name=listfields][redirect /][/formvariables][!]
[/!][formvariables name=listfiles][redirect /][/formvariables][!]
[/!][formvariables name=listmimeheaders][redirect /][/formvariables][!]
[/!][formvariables name=listpath][redirect /][/formvariables][!]
[/!][formvariables name=listvariables][redirect /][/formvariables][!]
[/!][formvariables name=listwords][redirect /][/formvariables][!]
[/!][formvariables name=lookup][redirect /][/formvariables][!]
[/!][formvariables name=loop][redirect /][/formvariables][!]
[/!][formvariables name=lowercase][redirect /][/formvariables][!]
[/!][formvariables name=math][redirect /][/formvariables][!]
[/!][formvariables name=middle][redirect /][/formvariables][!]
[/!][formvariables name=movefile][redirect /][/formvariables][!]
[/!][formvariables name=object][redirect /][/formvariables][!]
[/!][formvariables name=orderfile][redirect /][/formvariables][!]
[/!][formvariables name=password][redirect /][/formvariables][!]
[/!][formvariables name=platform][redirect /][/formvariables][!]
[/!][formvariables name=product][redirect /][/formvariables][!]
[/!][formvariables name=protect][redirect /][/formvariables][!]
[/!][formvariables name=purchase][redirect /][/formvariables][!]
[/!][formvariables name=random][redirect /][/formvariables][!]
[/!][formvariables name=raw][redirect /][/formvariables][!]
[/!][formvariables name=redirect][redirect /][/formvariables][!]
[/!][formvariables name=referrer][redirect /][/formvariables][!]
[/!][formvariables name=removehtml][redirect /][/formvariables][!]
[/!][formvariables name=removelineitem][redirect /][/formvariables][!]
[/!][formvariables name=replace][redirect /][/formvariables][!]
[/!][formvariables name=replacefounditems][redirect /][/formvariables][!]
[/!][formvariables name=return][redirect /][/formvariables][!]
[/!][formvariables name=returnraw][redirect /][/formvariables][!]
[/!][formvariables name=scope][redirect /][/formvariables][!]
[/!][formvariables name=search][redirect /][/formvariables][!]
[/!][formvariables name=sendmail][redirect /][/formvariables][!]
[/!][formvariables name=setcookie][redirect /][/formvariables][!]
[/!][formvariables name=setheader][redirect /][/formvariables][!]
[/!][formvariables name=setlineitem][redirect /][/formvariables][!]
[/!][formvariables name=setmimeheader][redirect /][/formvariables][!]
[/!][formvariables name=shell][redirect /][/formvariables][!]
[/!][formvariables name=showif][redirect /][/formvariables][!]
[/!][formvariables name=shownext][redirect /][/formvariables][!]
[/!][formvariables name=spawn][redirect /][/formvariables][!]
[/!][formvariables name=sql][redirect /][/formvariables][!]
[/!][formvariables name=sqlconnect][redirect /][/formvariables][!]
[/!][formvariables name=sqldisconnect][redirect /][/formvariables][!]
[/!][formvariables name=sqlexecute][redirect /][/formvariables][!]
[/!][formvariables name=sqlinfo][redirect /][/formvariables][!]
[/!][formvariables name=sqlrelease][redirect /][/formvariables][!]
[/!][formvariables name=sqlresult][redirect /][/formvariables][!]
[/!][formvariables name=switch][redirect /][/formvariables][!]
[/!][formvariables name=table][redirect /][/formvariables][!]
[/!][formvariables name=tcpconnect][redirect /][/formvariables][!]
[/!][formvariables name=tcpsend][redirect /][/formvariables][!]
[/!][formvariables name=text][redirect /][/formvariables][!]
[/!][formvariables name=then][redirect /][/formvariables][!]
[/!][formvariables name=thisurl][redirect /][/formvariables][!]
[/!][formvariables name=time][redirect /][/formvariables][!]
[/!][formvariables name=unurl][redirect /][/formvariables][!]
[/!][formvariables name=uppercase][redirect /][/formvariables][!]
[/!][formvariables name=url][redirect /][/formvariables][!]
[/!][formvariables name=username][redirect /][/formvariables][!]
[/!][formvariables name=validcard][redirect /][/formvariables][!]
[/!][formvariables name=version][redirect /][/formvariables][!]
[/!][formvariables name=waitforfile][redirect /][/formvariables][!]
[/!][formvariables name=writefile][redirect /][/formvariables][!]
[/!][formvariables name=xmlnode][redirect /][/formvariables][!]
[/!][formvariables name=xmlnodes][redirect /][/formvariables][!]
[/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!]
[/!][formvariables name=xmlparse][redirect /][/formvariables][!]
[/!][formvariables name=xsl][redirect /][/formvariables][!]
[/!][formvariables name=xslt][redirect /][/formvariables][!]
[/!][!]--- END: to plug up the security hole of when URL hacker passes a webdna context name as a formvar---[/!]




On Wed, Dec 12, 2012 at 2:44 PM, Terry Wilson <terry@terryfic.com> wrote:
This exploit was discovered a few years back, but I thought it was fixed, or a fix was announced or something. I forget.

Terry



Hi,

I am running V6.2 on CentOS 5.8 and have found instances where WebDNA code displays on a page if certain WebDNA tags are in the URL.

I thought it was something I was doing but this appears to happen on the www.webdna.us site as well.

http://www.webdna.us/page.dna?text=
takes you to a page that shows only webdna code

http://www.webdna.us/page.dna?numero=56&text=
adds a line of text above the navigation row in the red background (need to mouse over to see it - text is same color as red background)


I first experienced this with != and fixed it by putting a RewriteRule in an .htaccess file in the site's root folder

Today I tried a few other tags and found others. I haven't checked all the tags just a handful.

text=
math=
format=

Anyone else experience this, have a fix or suggestion?

Thanks,
Steve


---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us


--
Terry Wilson | terry@terryfic.com | http://terryfic.com
http://WhosComing.com - a simplified, affordable online reservation system
iStockPhoto portfolio - http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D
--------------------------------------------------------------------------
Attitude is the only difference between ordeal and adventure.

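The pre-parse guard posted above and the mod_rewrite rule both key on the name of the incoming form variable. As an added example that is not part of the thread or of WebDNA itself, the following Python reproduces that check in a form that can sit in front of a WebDNA server or be run over an access log; the name list is taken from the posted pre-parse script, and the log lines are constructed for the demonstration.

```python
"""Refuse requests whose form-variable names collide with WebDNA context names.

Constructed example mirroring the thread's pre-parse guard: a form variable
named after a WebDNA context (or the bare "!") is treated as a reason to
refuse the request, which is what the posted [redirect /] does.
"""
from __future__ import annotations

from urllib.parse import parse_qsl, urlsplit

# Context/tag names that must never arrive as a form-variable name.
# Taken from the posted pre-parse script; "!" is included because "&!="
# on the URL was the original trigger reported on the list.
WEBDNA_CONTEXT_NAMES = frozenset("""
! addfields addlineitem append appendfile applescript arrayget arrayset
authenticate boldwords browsername calcfilecrc32 capitalize case
clearlineitems closedatabase command commitdatabase convertchars
convertwords copyfile copyfolder countchars countwords createfolder date
ddeconnect ddesend decrypt delete deletefile deletefolder dos elapsedtime
else encrypt exclusivelock filecompare fileinfo findstring flushcache
flushdatabases format formvariables founditems freememory function
getchars getcookie getmimeheader grep hideif html1 html2 html3 httpmethod
if include input interpret ipaddress issecureclient lastautonumber
lastrandom lineitems listchars listcookies listdatabases listfields
listfiles listmimeheaders listpath listvariables listwords lookup loop
lowercase math middle movefile object orderfile password platform product
protect purchase random raw redirect referrer removehtml removelineitem
replace replacefounditems return returnraw scope search sendmail
setcookie setheader setlineitem setmimeheader shell showif shownext spawn
sql sqlconnect sqldisconnect sqlexecute sqlinfo sqlrelease sqlresult
switch table tcpconnect tcpsend text then thisurl time unurl uppercase
url username validcard version waitforfile writefile xmlnode xmlnodes
xmlnodesattributes xmlparse xsl xslt
""".split())


def offending_params(query_string: str) -> list[str]:
    """Return the form-variable names in query_string that collide with a
    WebDNA context name, in order of first appearance.

    Names are URL-decoded by parse_qsl and lower-cased before comparison
    (assumption: WebDNA tag matching is case-insensitive, so the guard is
    made case-insensitive too).  keep_blank_values=True matters: the URLs
    from the thread ("?text=", "&!=") carry an empty value, which parse_qsl
    would otherwise drop silently and the check would never see.
    """
    names: list[str] = []
    for name, _value in parse_qsl(query_string, keep_blank_values=True):
        key = name.strip().lower()
        if key in WEBDNA_CONTEXT_NAMES and key not in names:
            names.append(key)
    return names


def should_block(url: str) -> bool:
    """True when a request URL (full or path-only) should be refused."""
    return bool(offending_params(urlsplit(url).query))


# Constructed access-log lines (common log format) to show the same check
# used as a detection over historical traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/2012:14:01:02 -0500] "GET /page.dna?numero=56 HTTP/1.1" 200 5120
10.0.0.9 - - [12/Dec/2012:14:02:10 -0500] "GET /page.dna?text= HTTP/1.1" 200 880
10.0.0.9 - - [12/Dec/2012:14:02:15 -0500] "GET /page.dna?numero=56&!= HTTP/1.1" 200 5200
10.0.0.7 - - [12/Dec/2012:14:03:44 -0500] "GET /page.dna?numero=56&Math=1 HTTP/1.1" 200 5100
"""


def scan_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (client_ip, offending_names) for every log line whose request
    target carries a WebDNA context name as a form-variable name."""
    hits: list[tuple[str, list[str]]] = []
    for line in log_text.splitlines():
        try:
            ip = line.split(" ", 1)[0]
            request = line.split('"')[1]      # e.g. GET /page.dna?text= HTTP/1.1
            target = request.split(" ")[1]    # the request path plus query
        except IndexError:
            continue                          # malformed line, skip it
        names = offending_params(urlsplit(target).query)
        if names:
            hits.append((ip, names))
    return hits


if __name__ == "__main__":
    for ip, names in scan_log(SAMPLE_LOG):
        print(f"{ip}: refused parameter name(s) {names}")
```

The name list is a snapshot; extend it to match the tags your WebDNA version actually recognises.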

Associated Messages, from the most recent to the oldest:

  1. Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012)
  2. Re: [WebDNA] WebDNA code displaying on page (Tom Duke 2012)
  3. Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012)
  4. Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012)
  5. Re: [WebDNA] WebDNA code displaying on page (Govinda 2012)
  6. Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012)
  7. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  8. Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012)
  9. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  10. Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012)
  11. Re: [WebDNA] WebDNA code displaying on page (Brian Fries 2012)
  12. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  13. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  14. Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012)
  15. Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012)
  16. Re: [WebDNA] WebDNA code displaying on page (christophe.billiottet@webdna.us 2012)
Brilliant idea. Already running mod_rewrite globally so quick and easy. Thanks.


On Dec 12, 2012, at 1:20 PM, Steve Raslevich <WebDNA@northernsoundandlight.com> wrote:



I addressed the &!=

by placing:

RewriteEngine on
RewriteCond %{QUERY_STRING} \!
RewriteRule . - [F]

in an .htaccess file in the site's root directory

Michael Davis wrote:
I have one server running 6.2 also.  The script below works well as a pre-parse script, except in the case of the exclamation mark.  By adding &!= to the end of a URL I can cause my WebDNA server to stop running momentarily.  Can anyone else confirm this on a 6.2 install?


On Dec 12, 2012, at 12:26 PM, Steve Raslevich <WebDNA@northernsoundandlight.com> wrote:

Thanks everyone.

Adding the redirects to the pre-parse script did the trick.

Daniel Meola wrote:
Sorry about that, delete the first [/!]

It is the exact code I use, but part of a larger file.

Daniel Meola



On Wed, Dec 12, 2012 at 2:56 PM, Steve Raslevich <WebDNA@northernsoundandlight.com> wrote:
Hi Dan,

Thanks for the code. Is this the exact code you are using?  I pasted it into the top of a template and am getting this at the top of the page:

Error: Error: expected [/FUNCTIONSPACE], but found [/!] instead[/!]


Thanks,
Steve

Daniel Meola wrote:
You include this at the top of all pages:


[/!][!]Prevent tag hacking[/!][!]
[/!][!]--- START: to plug up the security hole of when URL hacker passes a webdna context name as a formvar---[/!][!]
[/!][formvariables name=!][redirect /][/formvariables][!]
[/!][formvariables name=addfields][redirect /][/formvariables][!]
[/!][formvariables name=addlineitem][redirect /][/formvariables][!]
[/!][formvariables name=append][redirect /][/formvariables][!]
[/!][formvariables name=appendfile][redirect /][/formvariables][!]
[/!][formvariables name=applescript][redirect /][/formvariables][!]
[/!][formvariables name=arrayget][redirect /][/formvariables][!]
[/!][formvariables name=arrayset][redirect /][/formvariables][!]
[/!][formvariables name=authenticate][redirect /][/formvariables][!]
[/!][formvariables name=boldwords][redirect /][/formvariables][!]
[/!][formvariables name=browsername][redirect /][/formvariables][!]
[/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!]
[/!][formvariables name=capitalize][redirect /][/formvariables][!]
[/!][formvariables name=case][redirect /][/formvariables][!]
[/!][formvariables name=clearlineitems][redirect /][/formvariables][!]
[/!][formvariables name=closedatabase][redirect /][/formvariables][!]
[/!][formvariables name=command][redirect /][/formvariables][!]
[/!][formvariables name=commitdatabase][redirect /][/formvariables][!]
[/!][formvariables name=convertchars][redirect /][/formvariables][!]
[/!][formvariables name=convertwords][redirect /][/formvariables][!]
[/!][formvariables name=copyfile][redirect /][/formvariables][!]
[/!][formvariables name=copyfolder][redirect /][/formvariables][!]
[/!][formvariables name=countchars][redirect /][/formvariables][!]
[/!][formvariables name=countwords][redirect /][/formvariables][!]
[/!][formvariables name=createfolder][redirect /][/formvariables][!]
[/!][formvariables name=date][redirect /][/formvariables][!]
[/!][formvariables name=ddeconnect][redirect /][/formvariables][!]
[/!][formvariables name=ddesend][redirect /][/formvariables][!]
[/!][formvariables name=decrypt][redirect /][/formvariables][!]
[/!][formvariables name=delete][redirect /][/formvariables][!]
[/!][formvariables name=deletefile][redirect /][/formvariables][!]
[/!][formvariables name=deletefolder][redirect /][/formvariables][!]
[/!][formvariables name=dos][redirect /][/formvariables][!]
[/!][formvariables name=elapsedtime][redirect /][/formvariables][!]
[/!][formvariables name=else][redirect /][/formvariables][!]
[/!][formvariables name=encrypt][redirect /][/formvariables][!]
[/!][formvariables name=exclusivelock][redirect /][/formvariables][!]
[/!][formvariables name=filecompare][redirect /][/formvariables][!]
[/!][formvariables name=fileinfo][redirect /][/formvariables][!]
[/!][formvariables name=findstring][redirect /][/formvariables][!]
[/!][formvariables name=flushcache][redirect /][/formvariables][!]
[/!][formvariables name=flushdatabases][redirect /][/formvariables][!]
[/!][formvariables name=format][redirect /][/formvariables][!]
[/!][formvariables name=formvariables][redirect /][/formvariables][!]
[/!][formvariables name=founditems][redirect /][/formvariables][!]
[/!][formvariables name=freememory][redirect /][/formvariables][!]
[/!][formvariables name=function][redirect /][/formvariables][!]
[/!][formvariables name=getchars][redirect /][/formvariables][!]
[/!][formvariables name=getcookie][redirect /][/formvariables][!]
[/!][formvariables name=getmimeheader][redirect /][/formvariables][!]
[/!][formvariables name=grep][redirect /][/formvariables][!]
[/!][formvariables name=hideif][redirect /][/formvariables][!]
[/!][formvariables name=html1][redirect /][/formvariables][!]
[/!][formvariables name=html2][redirect /][/formvariables][!]
[/!][formvariables name=html3][redirect /][/formvariables][!]
[/!][formvariables name=httpmethod][redirect /][/formvariables][!]
[/!][formvariables name=if][redirect /][/formvariables][!]
[/!][formvariables name=include][redirect /][/formvariables][!]
[/!][formvariables name=input][redirect /][/formvariables][!]
[/!][formvariables name=interpret][redirect /][/formvariables][!]
[/!][formvariables name=ipaddress][redirect /][/formvariables][!]
[/!][formvariables name=issecureclient][redirect /][/formvariables][!]
[/!][formvariables name=lastautonumber][redirect /][/formvariables][!]
[/!][formvariables name=lastrandom][redirect /][/formvariables][!]
[/!][formvariables name=lineitems][redirect /][/formvariables][!]
[/!][formvariables name=listchars][redirect /][/formvariables][!]
[/!][formvariables name=listcookies][redirect /][/formvariables][!]
[/!][formvariables name=listdatabases][redirect /][/formvariables][!]
[/!][formvariables name=listfields][redirect /][/formvariables][!]
[/!][formvariables name=listfiles][redirect /][/formvariables][!]
[/!][formvariables name=listmimeheaders][redirect /][/formvariables][!]
[/!][formvariables name=listpath][redirect /][/formvariables][!]
[/!][formvariables name=listvariables][redirect /][/formvariables][!]
[/!][formvariables name=listwords][redirect /][/formvariables][!]
[/!][formvariables name=lookup][redirect /][/formvariables][!]
[/!][formvariables name=loop][redirect /][/formvariables][!]
[/!][formvariables name=lowercase][redirect /][/formvariables][!]
[/!][formvariables name=math][redirect /][/formvariables][!]
[/!][formvariables name=middle][redirect /][/formvariables][!]
[/!][formvariables name=movefile][redirect /][/formvariables][!]
[/!][formvariables name=object][redirect /][/formvariables][!]
[/!][formvariables name=orderfile][redirect /][/formvariables][!]
[/!][formvariables name=password][redirect /][/formvariables][!]
[/!][formvariables name=platform][redirect /][/formvariables][!]
[/!][formvariables name=product][redirect /][/formvariables][!]
[/!][formvariables name=protect][redirect /][/formvariables][!]
[/!][formvariables name=purchase][redirect /][/formvariables][!]
[/!][formvariables name=random][redirect /][/formvariables][!]
[/!][formvariables name=raw][redirect /][/formvariables][!]
[/!][formvariables name=redirect][redirect /][/formvariables][!]
[/!][formvariables name=referrer][redirect /][/formvariables][!]
[/!][formvariables name=removehtml][redirect /][/formvariables][!]
[/!][formvariables name=removelineitem][redirect /][/formvariables][!]
[/!][formvariables name=replace][redirect /][/formvariables][!]
[/!][formvariables name=replacefounditems][redirect /][/formvariables][!]
[/!][formvariables name=return][redirect /][/formvariables][!]
[/!][formvariables name=returnraw][redirect /][/formvariables][!]
[/!][formvariables name=scope][redirect /][/formvariables][!]
[/!][formvariables name=search][redirect /][/formvariables][!]
[/!][formvariables name=sendmail][redirect /][/formvariables][!]
[/!][formvariables name=setcookie][redirect /][/formvariables][!]
[/!][formvariables name=setheader][redirect /][/formvariables][!]
[/!][formvariables name=setlineitem][redirect /][/formvariables][!]
[/!][formvariables name=setmimeheader][redirect /][/formvariables][!]
[/!][formvariables name=shell][redirect /][/formvariables][!]
[/!][formvariables name=showif][redirect /][/formvariables][!]
[/!][formvariables name=shownext][redirect /][/formvariables][!]
[/!][formvariables name=spawn][redirect /][/formvariables][!]
[/!][formvariables name=sql][redirect /][/formvariables][!]
[/!][formvariables name=sqlconnect][redirect /][/formvariables][!]
[/!][formvariables name=sqldisconnect][redirect /][/formvariables][!]
[/!][formvariables name=sqlexecute][redirect /][/formvariables][!]
[/!][formvariables name=sqlinfo][redirect /][/formvariables][!]
[/!][formvariables name=sqlrelease][redirect /][/formvariables][!]
[/!][formvariables name=sqlresult][redirect /][/formvariables][!]
[/!][formvariables name=switch][redirect /][/formvariables][!]
[/!][formvariables name=table][redirect /][/formvariables][!]
[/!][formvariables name=tcpconnect][redirect /][/formvariables][!]
[/!][formvariables name=tcpsend][redirect /][/formvariables][!]
[/!][formvariables name=text][redirect /][/formvariables][!]
[/!][formvariables name=then][redirect /][/formvariables][!]
[/!][formvariables name=thisurl][redirect /][/formvariables][!]
[/!][formvariables name=time][redirect /][/formvariables][!]
[/!][formvariables name=unurl][redirect /][/formvariables][!]
[/!][formvariables name=uppercase][redirect /][/formvariables][!]
[/!][formvariables name=url][redirect /][/formvariables][!]
[/!][formvariables name=username][redirect /][/formvariables][!]
[/!][formvariables name=validcard][redirect /][/formvariables][!]
[/!][formvariables name=version][redirect /][/formvariables][!]
[/!][formvariables name=waitforfile][redirect /][/formvariables][!]
[/!][formvariables name=writefile][redirect /][/formvariables][!]
[/!][formvariables name=xmlnode][redirect /][/formvariables][!]
[/!][formvariables name=xmlnodes][redirect /][/formvariables][!]
[/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!]
[/!][formvariables name=xmlparse][redirect /][/formvariables][!]
[/!][formvariables name=xsl][redirect /][/formvariables][!]
[/!][formvariables name=xslt][redirect /][/formvariables][!]
[/!][!]--- END: to plug up the security hole of when URL hacker passes a webdna context name as a formvar---[/!]




On Wed, Dec 12, 2012 at 2:44 PM, Terry Wilson <terry@terryfic.com> wrote:
This exploit was discovered a few years back, but I thought it was fixed, or a fix was announced or something. I forget.

Terry



Hi,

I am running V6.2 on CentOS 5.8 and have found instances where WebDNA code displays on a page if certain WebDNA tags are in the URL.

I thought it was something I was doing but this appears to happen on the www.webdna.us site as well.

http://www.webdna.us/page.dna?text=
takes you to a page that shows only webdna code

http://www.webdna.us/page.dna?numero=56&text=
adds a line of text above the navigation row in the red background (need to mouse over to see it - text is same color as red background)


I first experienced this with != and fixed it by putting a RewriteRule in an .htaccess file in the site's root folder

Today I tried a few other tags and found others. I haven't checked all the tags just a handful.

text=
math=
format=

Anyone else experience this, have a fix or suggestion?

Thanks,
Steve


---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us


--
Terry Wilson | terry@terryfic.com | http://terryfic.com
http://WhosComing.com - a simplified, affordable online reservation system
iStockPhoto portfolio - http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D
--------------------------------------------------------------------------
Attitude is the only difference between ordeal and adventure.


Michael Davis
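The check the thread converges on (redirect whenever a form variable is named after a WebDNA context, plus the .htaccess rule that rejects a "!" in the query string) carried out outside WebDNA, as an added example that is neither the thread's code nor WebDNA's own. It screens a request URL by parameter name using the context list from the posted pre-parse script, and runs the same screen over constructed Apache access-log lines to find earlier requests of that shape; lowercasing the names before comparison is an assumption about how strictly WebDNA matches them.

```python
"""Screen requests for WebDNA context names used as form-variable names.

Added example, not code from this thread or from WebDNA itself. It does in
Python what the pre-parse script posted in the thread does in WebDNA: if
any query-string parameter is *named* after a WebDNA context (or is the
bare "!" name), the request is flagged so it can be redirected or rejected
before the template engine sees it. The same check is then run over
access-log lines to find earlier requests of that shape.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Context names copied from the thread's pre-parse script (duplicates
# removed; its "lastautonumner" read as the tag name "lastautonumber").
_CONTEXT_NAMES = """
! addfields addlineitem append appendfile applescript arrayget arrayset
authenticate boldwords browsername calcfilecrc32 capitalize case
clearlineitems closedatabase command commitdatabase convertchars
convertwords copyfile copyfolder countchars countwords createfolder date
ddeconnect ddesend decrypt delete deletefile deletefolder dos elapsedtime
else encrypt exclusivelock filecompare fileinfo findstring flushcache
flushdatabases format formvariables founditems freememory function
getchars getcookie getmimeheader grep hideif html1 html2 html3 httpmethod
if include input interpret ipaddress issecureclient lastautonumber
lastrandom lineitems listchars listcookies listdatabases listfields
listfiles listmimeheaders listpath listvariables listwords lookup loop
lowercase math middle movefile object orderfile password platform product
protect purchase random raw redirect referrer removehtml removelineitem
replace replacefounditems return returnraw scope search sendmail
setcookie setheader setlineitem setmimeheader shell showif shownext spawn
sql sqlconnect sqldisconnect sqlexecute sqlinfo sqlrelease sqlresult
switch table tcpconnect tcpsend text then thisurl time unurl uppercase
url username validcard version waitforfile writefile xmlnode xmlnodes
xmlnodesattributes xmlparse xsl xslt
"""
WEBDNA_CONTEXTS = frozenset(_CONTEXT_NAMES.split())


def offending_params(url: str) -> list[str]:
    """Query-parameter names in *url* that collide with a WebDNA context.

    keep_blank_values=True is essential: the thread's cases are exactly the
    empty-value forms "text=" and "&!=", which parse_qsl drops by default.
    parse_qsl percent-decodes the names, so the comparison sees them as the
    application would. Lowercasing assumes WebDNA matches context names
    case-insensitively; it only makes the screen stricter.
    """
    query = urlsplit(url).query
    names = [name for name, _value in parse_qsl(query, keep_blank_values=True)]
    return [name for name in names if name.lower() in WEBDNA_CONTEXTS]


def should_redirect(url: str) -> bool:
    """The posted script's decision: any collision means redirect to "/"."""
    return bool(offending_params(url))


# Apache Common/Combined log format: client, request target, status.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def scan_access_log(lines):
    """Yield (client_ip, request_target, offending_names) per flagged line.

    Unlike the thread's RewriteCond, which fires on a "!" anywhere in the
    query string, this keys on parameter names only, so a value such as
    q=hello! or a name that merely contains a tag name is not flagged.
    """
    for line in lines:
        match = _LOG_RE.match(line)
        if not match:
            continue  # not a request line in the expected format; skip it
        hits = offending_params(match["target"])
        if hits:
            yield match["ip"], match["target"], hits


# Constructed sample log lines (documentation IPs), not from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2012:13:20:01 -0500] "GET /page.dna?numero=56 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Dec/2012:13:20:05 -0500] "GET /page.dna?numero=56&text= HTTP/1.1" 200 5300',
    '198.51.100.4 - - [12/Dec/2012:13:21:10 -0500] "GET /page.dna?numero=56&!= HTTP/1.1" 200 0',
    '198.51.100.4 - - [12/Dec/2012:13:21:12 -0500] "GET /search.dna?q=hello!&textSearch=shoes HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for url in ("http://www.webdna.us/page.dna?text=", "/page.dna?numero=56"):
        print(url, "->", "redirect" if should_redirect(url) else "allow")
    for ip, target, hits in scan_access_log(SAMPLE_LOG):
        print(f"{ip} requested {target}; context names used as params: {hits}")
```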
