mrix
Client

Joined: Dec 04, 2004
Posts: 757
Posted: Mon Sep 26, 2005 9:20 am

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
Posted: Mon Sep 26, 2005 9:53 am

The quote marks and/or parentheses are not allowed in a search string for security against XSS attacks.

mrix

Posted: Mon Sep 26, 2005 11:52 am

Sorry, I am not sure what you are talking about regarding the quotes? Are you saying it's something I have added?
Cheers
mrix

Raven

Posted: Mon Sep 26, 2005 12:59 pm

Look at the Query String at the end. Do you know where the quote and parentheses are coming from?

mrix

Posted: Mon Sep 26, 2005 1:06 pm

To be honest I have no idea?
Cheers
mrix

Raven

Posted: Mon Sep 26, 2005 1:12 pm

Well, that's the source of the Bans.

mrix

Posted: Tue Sep 27, 2005 12:16 am

Strange thing though, I have these emails coming from my News, Downloads, Links and survey pages? This all happened after installing the latest Sentinel; it must be some code somewhere, as I haven't changed anything for months on these pages; now they are blocking? These quote marks etc. must be part of Nuke or Sentinel?
Cheers
mrix

Raven

Posted: Tue Sep 27, 2005 12:26 am

Both. If you have parentheses or quote marks in your download titles get rid of them. This is not new.

mrix

Posted: Tue Sep 27, 2005 12:45 am

I haven't touched my downloads page in over a year but I'll check this out etc.
I do appreciate the help
Thanks
mrix

mrix

Posted: Tue Sep 27, 2005 12:49 am

mrix

Posted: Thu Sep 29, 2005 12:17 am

Actually, when I go to the download page above as admin it shows the download page but no download links in it at all?
Should I just allow the blocked IPs of Yahoo Slurp?
Cheers
mrix

VinDSL
Life Cycles Becoming CPU Cycles

Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
Posted: Thu Sep 29, 2005 2:10 am

Heh! I see it...
Look at the code for sorting your downloads, for instance 'Popularity (A\D)'...
Code: http://www.sea-fishing.org/download1-orderbyhitsD.html

LoL! 'orderbyhitsD.html' -> 'derby=hitsD' Get it?
_________________ .:: "The further in you go, the bigger it gets!" ::.

mrix

Posted: Thu Sep 29, 2005 2:40 am

Hi, I am sure you know what you are talking about but I don't really know the ins and outs of phpnuke code and that means nothing to me unfortunately. Is there an easy way to fix this? The only thing I can see from it is it may be a Google Tap problem, and when I have updated with the 3.1 files it's messed it up. I use GT Nextgen and that's a little out of date now.
Cheers
mrix

VinDSL

Posted: Thu Sep 29, 2005 4:39 am

mrix wrote: Hi I am sure you know what you are talking about but I don't really know the ins and outs of phpnuke...
What I'm saying is when a user tries to sort your downloads, it bans you. That's how it's happening...
I looked at your source code first, then tested the theory and attempted to sort your downloads, on both sites -- and promptly got banned as soon as I clicked the button[s].
I'm the guy running SeaMonkey 1.1 Alpha for a browser, so don't report me to the federal authorities...
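
Added example, not part of the original thread and not NukeSentinel's code: a small audit of your own site's links for the characters Raven says are blocked in a query string (quote marks and parentheses). It assumes the filter checks the percent-decoded value; the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Characters the thread says are not allowed in a query string.
BLOCKED = set("'\"()")


def blocked_chars(url):
    """Return {parameter: sorted blocked characters} for one URL's query string.

    Assumption: the filter sees the percent-decoded value, so %28 counts
    the same as a literal "(" and %27 the same as "'".
    """
    hits = {}
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        found = sorted(BLOCKED.intersection(name + value))
        if found:
            hits[name] = found
    return hits


def audit(urls):
    """Return only the URLs that contain blocked characters, in input order."""
    report = {}
    for url in urls:
        hits = blocked_chars(url)
        if hits:
            report[url] = hits
    return report


# Constructed sample links (not taken from the site discussed in the thread).
SAMPLE_LINKS = [
    "http://example.org/modules.php?name=Downloads&title=Tide+Tables",
    "http://example.org/modules.php?name=Downloads&title=Tide+Tables+%282005%29",
    "http://example.org/modules.php?name=News&query=skipper%27s+log",
    "http://example.org/download-orderby-hitsD.html",
]

if __name__ == "__main__":
    for url, params in audit(SAMPLE_LINKS).items():
        print(url, params)
```

The last sample link has no query string of its own, so nothing is flagged for it; a link rewritten to a .html path has to be audited in the query-string form the server-side script actually receives.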