Re: [WebDNA] WebDNA code displaying on page

This WebDNA talk-list message is from

2012


It keeps the original formatting.
Hi Chris,

So is there a fix for 6.2? I am guessing then that the webdna.us site is also still running 6.2?

christophe.billiottet@webdna.us wrote:
> Exact, that was fixed in WebDNA.fcgi few years ago
>
> - chris
>
> On Dec 12, 2012, at 17:44, Terry Wilson wrote:
>
>> This exploit was discovered a few years back, but I thought it was
>> fixed, or a fix was announced or something. I forget.
>>
>> Terry
>>
>>> Hi,
>>>
>>> I am running V6.2 on CentOS 5.8 and have found instances where
>>> WebDNA code displays on a page if certain WebDNA tags are in the URL.
>>>
>>> I thought it was something I was doing but this appears to happen on
>>> the www.webdna.us site as well.
>>>
>>> http://www.webdna.us/page.dna?text=
>>> takes you to a page that shows only webdna code
>>>
>>> http://www.webdna.us/page.dna?numero=56&text=
>>> adds a line of text above the navigation row in the red background
>>> (need to mouse over to see it - text is same color as red background)
>>>
>>> I first experienced this with != and fixed it by putting a
>>> RewriteRule in an .htaccess file in the site's root folder
>>>
>>> Today I tried a few other tags and found others. I haven't checked
>>> all the tags just a handful.
>>>
>>> text=
>>> math=
>>> format=
>>>
>>> Anyone else experience this, have a fix or suggestion?
>>>
>>> Thanks,
>>> Steve
>>>
>>> ---------------------------------------------------------
>>> This message is sent to you because you are subscribed to
>>> the mailing list.
>>> To unsubscribe, E-mail to:
>>> archives: http://mail.webdna.us/list/talk@webdna.us
>>> Bug Reporting: support@webdna.us
>>
>> --
>> Terry Wilson | terry@terryfic.com | http://terryfic.com
>> http://WhosComing.com - a simplified, affordable online reservation system
>> iStockPhoto portfolio - http://www.istockphoto.com/Terryfic3D?refnum=Terryfic3D
>> --------------------------------------------------------------------------
>> Attitude is the only difference between ordeal and adventure.

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012)
  2. Re: [WebDNA] WebDNA code displaying on page (Tom Duke 2012)
  3. Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012)
  4. Re: [WebDNA] WebDNA code displaying on page (Donovan Brooke 2012)
  5. Re: [WebDNA] WebDNA code displaying on page (Govinda 2012)
  6. Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012)
  7. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  8. Re: [WebDNA] WebDNA code displaying on page (Michael Davis 2012)
  9. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  10. Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012)
  11. Re: [WebDNA] WebDNA code displaying on page (Brian Fries 2012)
  12. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  13. Re: [WebDNA] WebDNA code displaying on page (Steve Raslevich 2012)
  14. Re: [WebDNA] WebDNA code displaying on page (WebDNA Solutions 2012)
  15. Re: [WebDNA] WebDNA code displaying on page (Daniel Meola 2012)
  16. Re: [WebDNA] WebDNA code displaying on page (christophe.billiottet@webdna.us 2012)
Steve Raslevich
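For anyone still on an affected version, a log check for the behaviour reported in this thread. This is an added example, not part of the original message and not WebDNA code: it assumes WebDNA's square-bracket tag syntax (the tags themselves are missing from the archived URLs above), and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: a WebDNA tag looks like [name ...] or [/name].
TAG_RE = re.compile(r"\[/?[A-Za-z][^\[\]]*\]")
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, max_rounds=3):
    """Undo nested percent-encoding (%255B -> %5B -> [), bounded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_tag_params(log_line):
    """Return [(param, decoded_value)] for query values carrying a tag."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # malformed line or no request field
    query = match.group(1).partition("?")[2]
    hits = []
    # parse_qsl decodes once; fully_unquote catches double encoding.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_unquote(value)
        if TAG_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, param, decoded_value)] across a log."""
    return [(n, p, v) for n, line in enumerate(lines, 1)
            for p, v in find_tag_params(line)]

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2012:17:02:11 +0000] '
    '"GET /page.dna?numero=56 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Dec/2012:17:02:40 +0000] '
    '"GET /page.dna?numero=56&text=%5Bdate%5D HTTP/1.1" 200 5177',
    '203.0.113.9 - - [12/Dec/2012:17:05:03 +0000] '
    '"GET /page.dna?text=%255Bmath%255D1%252B1%255B%252Fmath%255D HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the request field is inspected, so the bracketed timestamp in each log line does not trigger a match.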
