So it still exists in the current non-fcgi versions, correct?
Sincerely,
Kenneth Grome
WebDNA Solutions
http://www.webdnasolutions.com
WebDNA Programming and Linux Server Administration
> Exactly, that was fixed in WebDNA.fcgi a few years ago
>
> - chris
>
> On Dec 12, 2012, at 17:44, Terry Wilson <terry@terryfic.com> wrote:
> > This exploit was discovered a few years back, but I
> > thought it was fixed, or a fix was announced or
> > something. I forget.
> >
> > Terry
> >
> >> Hi,
> >>
> >> I am running V6.2 on CentOS 5.8 and have found
> >> instances where WebDNA code displays on a page if
> >> certain WebDNA tags are in the URL.
> >>
> >> I thought it was something I was doing but this
> >> appears to happen on the www.webdna.us site as well.
> >>
> >> http://www.webdna.us/page.dna?text=
> >> takes you to a page that shows only webdna code
> >>
> >> http://www.webdna.us/page.dna?numero=56&text=
> >> adds a line of text above the navigation row in the
> >> red background (need to mouse over to see it - text
> >> is same color as red background)
> >>
> >>
> >> I first experienced this with != and fixed it by
> >> putting a RewriteRule in an .htaccess file in the
> >> site's root folder
> >>
> >> Today I tried a few other tags and found others. I
> >> haven't checked all the tags just a handful.
> >>
> >> text=
> >> math=
> >> format=
> >>
> >> Anyone else experience this, have a fix or suggestion?
> >>
> >> Thanks,
> >> Steve
> >>
> >>
> >> ------------------------------------------------------
> >> --- This message is sent to you because you are
> >> subscribed to the mailing list <talk@webdna.us>.
> >> To unsubscribe, E-mail to: <talk-leave@webdna.us>
> >> archives: http://mail.webdna.us/list/talk@webdna.us
> >> Bug Reporting: support@webdna.us
>
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list <talk@webdna.us>.
> To unsubscribe, E-mail to: <talk-leave@webdna.us>
> archives: http://mail.webdna.us/list/talk@webdna.us
> Bug Reporting: support@webdna.us
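
A log check for the requests Steve describes, added here as an example and not part of the original thread: it flags requests to `.dna` pages that carry an empty `text`, `math` or `format` parameter, the three names listed in his post. The Apache access-log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the thread reports as triggering the behaviour.
SUSPECT_NAMES = {"text", "math", "format"}

# Client IP and request target from an Apache common/combined log line
# (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')


def suspect_params(target):
    """Return suspect parameter names sent with an empty value to a .dna page."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".dna"):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return sorted({name.lower() for name, value in pairs
                   if name.lower() in SUSPECT_NAMES and value == ""})


def scan(lines):
    """Return (line number, client IP, target, names) for each flagged request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable request line
        names = suspect_params(match["target"])
        if names:
            hits.append((lineno, match["ip"], match["target"], names))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2012:17:01:02 +0000] "GET /page.dna?numero=56 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Dec/2012:17:02:10 +0000] "GET /page.dna?text= HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Dec/2012:17:02:31 +0000] "GET /page.dna?numero=56&math= HTTP/1.1" 200 5301',
    '192.0.2.10 - - [12/Dec/2012:17:03:00 +0000] "GET /search.dna?text=hello HTTP/1.1" 200 2048',
    '203.0.113.5 - - [12/Dec/2012:17:03:44 +0000] "GET /index.html?format= HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, ip, target, names in scan(SAMPLE_LOG):
        print(f"line {lineno}: {ip} {target} -> {', '.join(names)}")
```

A site that legitimately submits empty `text`, `math` or `format` fields will see those requests flagged too, so review hits against the pages involved before acting on them.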