Re: [WebDNA] WebDNA code displaying on page

This WebDNA talk-list message is from

2012


It keeps the original formatting.
numero = 110000
interpreted = N
texte = Exact, that was fixed in WebDNA.fcgi few years ago - chris On Dec 12, 2012, at 17:44, Terry Wilson wrote: > This exploit was discovered a few years back, but I thought it was=20 > fixed, or a fix was announced or something. I forget. >=20 > Terry >=20 >=20 >> Hi, >>=20 >> I am running V6.2 on CentOS 5.8 and have found instances where=20 >> WebDNA code displays on a page if certain WebDNA tags are in the URL. >>=20 >> I thought it was something I was doing but this appears to happen on=20= >> the www.webdna.us site as well. >>=20 >> http://www.webdna.us/page.dna?text=3D >> takes you to a page that shows only webdna code >>=20 >> http://www.webdna.us/page.dna?numero=3D56&text=3D >> adds a line of text above the navigation row in the red background=20 >> (need to mouse over to see it - text is same color as red background) >>=20 >>=20 >> I first experienced this with !=3D and fixed it by putting a=20 >> RewriteRule in an .htaccess file in the site's root folder >>=20 >> Today I tried a few other tags and found others. I haven't checked=20 >> all the tags just a handful. >>=20 >> text=3D >> math=3D >> format=3D >>=20 >> Anyone else experience this, have a fix or suggestion? >>=20 >> Thanks, >> Steve >>=20 >>=20 >> --------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us >> Bug Reporting: support@webdna.us >=20 >=20 > --=20 > Terry Wilson | terry@terryfic.com | http://terryfic.com > http://WhosComing.com - a simplified, affordable online reservation = system > iStockPhoto portfolio - = http://www.istockphoto.com/Terryfic3D?refnum=3DTerryfic3D > = --------------------------------------------------------------------------= > Attitude is the only difference between ordeal and adventure. > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012)
  2. Re: [WebDNA] WebDNA code displaying on page (Tom Duke 2012)
  3. Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012)
  4. Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012)
  5. Re: [WebDNA] WebDNA code displaying on page (Govinda 2012)
  6. Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012)
  7. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  8. Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012)
  9. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  10. Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012)
  11. Re: [WebDNA] WebDNA code displaying on page (Brian Fries 2012)
  12. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  13. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  14. Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012)
  15. Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012)
  16. Re: [WebDNA] WebDNA code displaying on page (christophe.billiottet@webdna.us 2012)
Exact, that was fixed in WebDNA.fcgi few years ago - chris On Dec 12, 2012, at 17:44, Terry Wilson wrote: > This exploit was discovered a few years back, but I thought it was=20 > fixed, or a fix was announced or something. I forget. >=20 > Terry >=20 >=20 >> Hi, >>=20 >> I am running V6.2 on CentOS 5.8 and have found instances where=20 >> WebDNA code displays on a page if certain WebDNA tags are in the URL. >>=20 >> I thought it was something I was doing but this appears to happen on=20= >> the www.webdna.us site as well. >>=20 >> http://www.webdna.us/page.dna?text=3D >> takes you to a page that shows only webdna code >>=20 >> http://www.webdna.us/page.dna?numero=3D56&text=3D >> adds a line of text above the navigation row in the red background=20 >> (need to mouse over to see it - text is same color as red background) >>=20 >>=20 >> I first experienced this with !=3D and fixed it by putting a=20 >> RewriteRule in an .htaccess file in the site's root folder >>=20 >> Today I tried a few other tags and found others. I haven't checked=20 >> all the tags just a handful. >>=20 >> text=3D >> math=3D >> format=3D >>=20 >> Anyone else experience this, have a fix or suggestion? >>=20 >> Thanks, >> Steve >>=20 >>=20 >> --------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> archives: http://mail.webdna.us/list/talk@webdna.us >> Bug Reporting: support@webdna.us >=20 >=20 > --=20 > Terry Wilson | terry@terryfic.com | http://terryfic.com > http://WhosComing.com - a simplified, affordable online reservation = system > iStockPhoto portfolio - = http://www.istockphoto.com/Terryfic3D?refnum=3DTerryfic3D > = --------------------------------------------------------------------------= > Attitude is the only difference between ordeal and adventure. > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us christophe.billiottet@webdna.us

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

RandSeed broken on 4.0.2 / Mac OS X (2002) OT: Browser based spell check (2002) UNSUBSCRIBE (2000) Shared Webstar Directory (1998) WebCatalog 4.0 has been released! (2000) Header info in content (1998) show all problem (1997) [url] (1997) Fwd: HTML encoding in URLs (1997) HideIf ip= OR ip= (1998) vs (1997) SHOWIF/HIDEIF empty fields (2005) WC2b15 File Corruption (1997) PCS Customer submissions ? (1997) Web Catalog 2 demo (1997) [WebDNA] Hard-coded db write delay when running certain code? (2011) too many nested tags ... (1997) Finer than a second. (2001) Laying an egg. (1998) Firesite and [referrer] atg broke (1997)