Thor
Head Administrator
Runboard developer
Registered: 01-2003
Location: RB machine room
Posts: 4993
Karma: 230 (+273/-43)
Re: Modification to boards : Change the limit of the allowed subject length


I have nothing against doing tricks with your boards, my only concern is to prevent malicious users from ruining your boards using tricks. This is why I disabled HTML in sigs, why HTML doesn't work in message bodies, etc, etc.

Feel free to use tricks, distribute them, or whatever, but please be aware that if a particular trick allows people to attack akheva.com or akheva.com's boards, it will be fixed.

I actually think that those tricks are cool
7/11/2003, 10:17 am
 
AceKevin
Registered: 05-2003
Location: San Antonio, Texas
Posts: 183
Karma: 0 (+0/-0)


OK, I've been wanting a bigger sig limit. Maybe you're not so bad...but I'll always be watching.

---
My homepage:
http://www.geocities.com/kevin_jesse2002
My Forum:
http://com2.akheva.com/bkevinsgenralboard
7/11/2003, 2:25 pm
 
kriptonic
Heavy poster
Registered: 07-2003
Location: Frankfort Ohio
Posts: 623
Karma: 1 (+1/-0)


Ace, thanks. We have more in common than you think. We both think spouzic is a Goddess and we're the same age.

Thor, no worries. I am all about security. If someone does find a malicious opportunity in my code I promise I will never code again... aaah AND that would stink lol.

---
- Kriptonic -
7/11/2003, 3:05 pm
 
Thor


Actually, the more hacks or attempts at hacks I see here, the more stuff I have a chance to fix, making the overall security better.
7/11/2003, 3:52 pm
 
kriptonic


Thor, I really see someone trying to steal cookies with [img] bbcode. This could result in account hijacking. A possible way to fix this is simply to change the code to [img noborder]

---
- Kriptonic -
7/11/2003, 3:58 pm
 
Thor


Care to explain more in depth?

A cookie is limited to a domain, i.e. cookies used for user identification here are cookies that work for akheva.com.

How would an akheva.com cookie be stolen with an img tag?

Not to mention that with IE6, actually using a cookie from an anchor of any kind (img tag, frame, etc), is a pain

But at any rate, an akheva.com cookie should definitely not leak outside.

I'd like to know if I'm wrong

Last edited by Thor, 7/11/2003, 5:02 pm
7/11/2003, 5:02 pm
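
The domain scoping Thor describes in the post above, as an added example (not part of the thread and not Runboard code): a simplified model of the RFC 6265 domain-match and path-match rules a browser applies before attaching cookies to a request, including an image request. The cookie names, values and the image host `images.example.net` are constructed for illustration; Secure, expiry and other attributes are left out.

```javascript
// Added illustration (not Runboard code): which cookies a browser attaches
// to a request, following the RFC 6265 domain-match and path-match rules.

// Constructed sample jar: names and values are placeholders.
const jar = [
  // Set with Domain=akheva.com, so it also applies to subdomains.
  { name: "session", value: "PLACEHOLDER", domain: "akheva.com", hostOnly: false, path: "/" },
  // Set without a Domain attribute by com2.akheva.com: host-only.
  { name: "prefs", value: "PLACEHOLDER", domain: "com2.akheva.com", hostOnly: true, path: "/" },
];

function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // A suffix match only counts on a label boundary and never for IP literals.
  const isIp = /^[0-9.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // Prefix must end on a "/" boundary: "/board" does not cover "/boards".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies that would be sent with a request to requestUrl.
function cookiesFor(requestUrl, cookies) {
  const { hostname, pathname } = new URL(requestUrl);
  return cookies
    .filter((c) => (c.hostOnly ? hostname === c.domain : domainMatch(hostname, c.domain)))
    .filter((c) => pathMatch(pathname, c.path))
    .map((c) => c.name);
}

// A board page on com2.akheva.com receives both cookies.
console.log(cookiesFor("http://com2.akheva.com/bkevinsgenralboard", jar));
// An [img] pointing at another domain is fetched with none of them.
console.log(cookiesFor("http://images.example.net/pic.cgi", jar));
// A look-alike host that merely ends in the same letters does not match.
console.log(cookiesFor("http://notakheva.com/pic.gif", jar));
```
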
 
kriptonic


Hold on Thor, don't be too naive.

With a few things, CGI and C++ and vB, this can be accomplished.

You can do 1 of 2 things.

1. Implant a cookie stealing script on your board somewhere, that is programmed to log the cookie on a cgi website. You enter the cookie in a small program that is made to open a browser with that cookie, and it temporarily hijacks the account.

2. You can use the [img] tag to insert a dynamic image generator that you've programmed to include harmful code in it, it feeds the cookie to the cgi site and you whip out your prog.

Now, you don't have to take my word for this, but I have seen this done on other networks such as this. They patched it by changing it to [image noborder]....sigh

---
- Kriptonic -
7/11/2003, 5:19 pm
 
Thor


I didn't understand anything of it. Can you give me a link to an example of such code? In PM would be best.

If you can trick a web browser into sending a cookie to a host the cookie is not intended for, it is a really big security issue (web browser related), and would probably affect a LOT of the dynamic web sites out there with user generated content (think guestbooks, weblogs, etc).
7/11/2003, 5:26 pm
 
Danta
MAN WITH THE GOLDEN CHALICE
Registered: 06-2003
Location: In my cave
Posts: 1179
Karma: 3 (+14/-11)


quote:

Thor wrote:

I didn't understand anything of it. Can you give me a link to an example of such code?



thor, you should visit www.astalavista.com, they have loads of info about hacking into accounts, but more importantly, secure it.

---
quote:

Danta that I've been seeing u around in many great boards,u're kind of famous


7/11/2003, 5:43 pm
 
kriptonic


Thor,

I do not have the code. I know of it, and have seen it at work, and have read tutorials and readme files. Let's just say I will try and gather a file and run it on ezboard.com (on a test account) and show you the screenshot.

---
- Kriptonic -
7/11/2003, 7:21 pm
 

