Joined: Sep 2002
Posts: 129
Member
I just want to know if there are any bugs in that Snitz forum, and if there are any "backdoors" through blocks??

I want a safe forum on my site and I'm doing some research. If my teacher is right this should be a safe forum?

In other words I would like to know if I can stop ppl getting through blocks on forums?
(if it's possible to get through a block)


*ZmaJL*
Joined: Mar 2002
Posts: 562
UGN Supporter
A secure BBS... ha ha ha

Any BBS will have holes and back doors man. Check it out.

http://www.UnderGroundNews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=1;t=000265

this is the URL for this topic.

you have the normal URL

http://www.UnderGroundNews.com/cgi-bin/ubbcgi/ultimatebb.cgi

then the command stuff

This command says get topic, as opposed to post or delete or whatever other commands there are
?ubb=get_topic;

This says forum 1. I imagine the forum below this is forum 2
f=1;

Topic number 265
t=000265

Now if someone was to play with your URL long enough I am sure they could get somewhere they aren't supposed to be. Well, with some skill.

Just make sure passwords are encrypted and you exercise all security options you can. Also visit their site often and look for security updates.

Joined: Mar 2002
Posts: 599
UGN's Resident Homo
I got around an e-learning site doing that once. I saw that the free sample lesson was something like /course=1 so I tried putting in 2 and 3 and so forth, and got access to the full course.


"It's better to burn out, than to fade away."
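
Added example (not part of the thread, and not UBB or Snitz code): a server-side check against the URL-parameter tampering described in the posts above. It parses a `ubb=get_topic;f=1;t=000265` style query string and authorizes the forum id against a policy table instead of trusting the URL. `FORUM_ACL`, the role names, the `delete` command value and the host name are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample policy: forum id -> roles allowed to read it.
FORUM_ACL = {1: {"guest", "member"}, 3: {"moderator"}}
READ_COMMANDS = {"get_topic"}  # commands a reader may issue

def parse_ubb_query(url):
    """Parse a UBB-style query string whose pairs are separated by ';'."""
    params = {}
    for pair in urlsplit(url).query.split(";"):
        key, sep, value = pair.partition("=")
        if not sep or key in params:
            raise ValueError("malformed or duplicated parameter: %r" % pair)
        params[key] = value
    return params

def numeric_id(text):
    """Accept only short ASCII digit strings; reject quotes, signs, paths."""
    if not (text.isascii() and text.isdigit() and len(text) <= 9):
        raise ValueError("id is not a plain number: %r" % text)
    return int(text)

def decide(url, role):
    """Return ('ok', forum, topic), ('bad_request',) or ('denied',)."""
    try:
        p = parse_ubb_query(url)
        if set(p) != {"ubb", "f", "t"}:
            raise ValueError("unexpected parameter set")
        forum, topic = numeric_id(p["f"]), numeric_id(p["t"])
    except ValueError:
        return ("bad_request",)
    # Command and forum are both checked against server-side policy.
    # A missing forum and a forbidden forum get the same answer, so the
    # response does not reveal which ids exist.
    if p["ubb"] not in READ_COMMANDS or role not in FORUM_ACL.get(forum, ()):
        return ("denied",)
    return ("ok", forum, topic)

BASE = "http://forum.example/cgi-bin/ubbcgi/ultimatebb.cgi?"  # constructed host

if __name__ == "__main__":
    samples = ["ubb=get_topic;f=1;t=000265",   # normal request
               "ubb=get_topic;f=2;t=000265",   # forum id that does not exist
               "ubb=get_topic;f=3;t=000001",   # forum the role may not read
               "ubb=delete;f=1;t=000265",      # hypothetical other command
               "ubb=get_topic;f=1;t=265'--"]   # non-numeric id
    for q in samples:
        print(q, "->", decide(BASE + q, "guest"))
```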
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
There is no forum 2 lol... Go try it :x...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Joined: Mar 2002
Posts: 562
UGN Supporter
Heh, cute. Deleted one when putting this puppy up, huh?

Joined: Sep 2002
Posts: 129
Member
Anyone else who knows a bit more about this??
Because I've tried at my teacher's forum (with his allowance of course) and I did just get to the "default page", the page which includes all the forums. =) But that's good then, or is it maybe another system/commands with the UBB to that page?


*ZmaJL*
Joined: Mar 2002
Posts: 562
UGN Supporter
Each board will be a bit different. Post an example URL of the main board then 1 level deeper etc etc etc. and I will break it down for you.

Joined: Sep 2002
Posts: 129
Member
http://www.brunns-skola.org/piren/forum/default.asp

Breaking it down is not the main reason for this topic, but I'm more curious about the systems.

Besides, that address leads to an address that you need to be logged on to. The forum is no prob to register in but the page is, it ain't something u can register on the net. But good luck anyway =)

And I who thought that UBB was some good piece of [censored] =(


*ZmaJL*
Joined: Mar 2002
Posts: 562
UGN Supporter
Okay,

These forums are written in ASP, Active Server Pages.

UBB is written in Perl.

ASP is a Microsoft server side scripting language. To find out how secure your forums are I would first learn ASP. Then study the code and look at how variables are passed. Now read any and all security bulletins dealing with ASP and Snitz Forums 2000.

Sometimes a language will come out with an exploit in how variables are passed. That could be, and usually is, a big hole in security on boards.

Second, the logon and password, how are they sent to the server? Is SSL used for the connection, or is it plain text all the way to the server? That is a big weakness.

Break down

http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

Root directory of the site
http://www.brunns-skola.org

Some blank page, a little HTML/JavaScript code to make it.
http://www.brunns-skola.org/piren
Code:
<link rel="stylesheet" href="stil.css" type="text/css">
<script language="JavaScript" src="bada.asp?id=1"></script>

Root directory of the board
http://www.brunns-skola.org/piren/forum

This seems to actually include default.asp.
You can get to the same page using both of the URLs below
http://www.brunns-skola.org/piren/forum/forum.asp
http://www.brunns-skola.org/piren/forum/default.asp

This opens the Elever - diskussion forum, which was the 5th forum the web master created. Hence Forum_ID=5
http://www.brunns-skola.org/piren/forum/forum.asp?FORUM_ID=5

I hope I am helping.

Joined: Sep 2002
Posts: 129
Member
Thx for the info. Too bad it's a bit too advanced for me but I'll try to learn some ASP then as u said...


*ZmaJL*
Joined: Sep 2002
Posts: 129
Member
Anyone who knows any good ASP docs then???


*ZmaJL*
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
I for one find ASP to be completely useless and worthless lol... I'd recommend you learning PHP if anything.


Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
I want to learn ASP as well. I'm not a big fan of Microcrooks, but I would like to be familiar with the .NET framework.

AlienTerror, I will see if I can find a few sites, if I do I will post them here. There are many boards out there in other languages though. ASP is not free, and harder to learn. As Gizmo pointed out PHP would be nice for you to learn. It is free, easy, fun, and very useful on the net.

I for one still want to learn ASP though.

Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
::nod:: aka, useless lol... ASP isn't that hard, it's about as hard as using SHTML lol...

