[NOTABUG] Got past the untaint check! #113891
01/30/05 10:38 PM
Joined: Apr 2004
Posts: 141
oracleweb Offline OP
member
w00t!

http://www.ubbcentral.com/cgi-bin/ultimatebb.cgi?ubb=recent_user_posts

I was viewing a member's recent posts on my forum

( http://www.ianspence.com/cgi-bin/ultimatebb.cgi?ubb=recent_user_posts;u=00000071 )

I then went to check mine. Knowing I'm #1, I deleted the 7 and forgot it had to be 8 numbers long. Anyhoo, I got past the check. I then checked here to make sure it wasn't one of my modifications.

Re: [NOTABUG] Got past the untaint check! #113892
01/30/05 10:40 PM
Joined: Jun 2006
Posts: 361
Des Moines, IA
Ron M Offline
enthusiast
How did you get past the untaint check? at CGIPath/ubb_profile.cgi line 1142.

This can be confirmed on an unmodified 6.7.2 board (mine)

Re: [NOTABUG] Got past the untaint check! #113893
01/31/05 12:50 AM
Joined: Jun 2006
Posts: 16,785
Portland, OR; USA
Gizmo Offline
UBB.threads Developer
Confirmed on my 6.7.2 modified forum; it's kinda fun to add more/less "0's" to the address bar for the user number; it gets past in either direction.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: [NOTABUG] Got past the untaint check! #113894
01/31/05 01:32 PM
Joined: Jul 2006
Posts: 2,199
David Dreezer Offline

Pooh-Bah
This is the designed behavior - you didn't actually pass in a valid eight digit user number. The code intentionally does not forcefully mangle the number.


This thread for sale. Click here!
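
The behaviour described in the post above, rejecting a user number that is not exactly eight digits rather than repairing it, looks like this as a Perl untaint routine. This is an added example, not UBB's code and not part of any post; `untaint_member_number`, `handle_recent_posts` and the response strings are hypothetical.

```perl
# Added example (not UBB code): strict untaint of an eight-digit member number.
# Run with "perl -T" to enable taint mode; the logic is the same without it.
use strict;
use warnings;

# Hypothetical helper: returns the untainted number, or undef if the input
# is not exactly eight ASCII digits. It never pads, trims, or otherwise
# repairs the value, so "0000001" and "000000001" are both rejected.
sub untaint_member_number {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor the whole string (\z, unlike $, does not allow a
    # trailing newline); [0-9] avoids matching non-ASCII Unicode digits.
    return $raw =~ /\A([0-9]{8})\z/ ? $1 : undef;
}

# Hypothetical handler: a failed check stops the request. The log line
# omits the raw value so attacker-controlled text never reaches the log.
sub handle_recent_posts {
    my ($u) = @_;
    my $member = untaint_member_number($u);
    unless (defined $member) {
        warn "rejected member number parameter\n";   # server log
        return "400 Invalid member number";          # client response
    }
    return "200 recent posts for member $member";
}

# Constructed sample inputs: the valid form, one digit short, one digit
# long, and two values with trailing data.
for my $u ('00000071', '0000001', '000000001', "00000071\n", '00000071;x=1') {
    (my $shown = $u) =~ s/\n/\\n/g;
    printf "%-16s -> %s\n", "'$shown'", handle_recent_posts($u);
}
```

Only the first sample is accepted; every other input is rejected unchanged, including the one that differs only by a trailing newline.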
Re: [NOTABUG] Got past the untaint check! #113895
01/31/05 11:15 PM
Joined: Jun 2006
Posts: 16,785
Portland, OR; USA
Gizmo Offline
UBB.threads Developer
Wouldn't it instead make more sense to state "you have not entered a valid 8 digit member id" vs "you have bypassed the taint check"?


Re: [NOTABUG] Got past the untaint check! #113896
02/01/05 10:13 AM
Joined: Jul 2006
Posts: 2,199
David Dreezer Offline

Pooh-Bah
There are no conditions in which an invalid link can be generated to that page. The error isn't meant to be user-friendly, as it's one of those "this can't happen" errors.


Re: [NOTABUG] Got past the untaint check! #113897
02/01/05 12:08 PM
Joined: Jun 2006
Posts: 16,785
Portland, OR; USA
Gizmo Offline
UBB.threads Developer
Yeh, but there are many ways that a user can mess a direct link to that page up in a sig/post then whine that the board has a bug lol

