w00t!

http://www.ubbcentral.com/cgi-bin/ultimatebb.cgi?ubb=recent_user_posts

I was viewing a member's recent posts on my forum

( http://www.ianspence.com/cgi-bin/ultimatebb.cgi?ubb=recent_user_posts;u=00000071 )

I then went to check mine. Knowing I'm #1 , I deleted the 7 and forgot it had to be 8 numbers long. Anyhoo, I got past the check. I then checked here to make sure it wasn't one of my modifications.

How did you get past the untaint check? at CGIPath/ubb_profile.cgi line 1142.

This can be confirmed on an unmodified 6.7.2 board (mine)

Confirmed on my 6.7.2 modified forum; it's kinda fun to add more/less "0's" to the address bar for the user number; it gets past in either direction.

This is the designed behavior - you didn't actually pass in a valid eight digit user number. The code intentionally does not forcefully mangle the number.

Wouldn't it instead make more sense to state "you have not entered a valid 8 digit member id" vs "you have bypassed the taint check"?

There are no conditions in which an invalid link can be generated to that page. The error isn't meant to be user-friendly, as it's one of those "this can't happen" errors.

Yeh, but there are many ways that a user can mess a direct link to that page up in a sig/post then whine that the board has a bug lol