Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

PortalWebHosting
  Ads  
Aspose - The .NET & Java component publisher
 


  Sponsors  

Meet Our Sponsors

Portal Webhosting - Hosting For Developers
Red-Gate Software
MaximumASP
SourceGear - Tools for Developers
.: CounterSoft :.
telerik
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  Possible Special Parameter Vulnerability Found?
Previous Previous
 
Next Next
New Post 7/3/2008 4:37 AM
User is offline iadalang
81 posts
10th Ranked


Possible Special Parameter Vulnerability Found? 

Possible Special Parameter Vulnerability Found?

URL : http://www.dotnetnuke.com/?error=1

Output on home page :

A critical error has occurred.
1

URL : http://www.dotnetnuke.com/?error=true

Output on home page :

A critical error has occurred.
true

URL : http://www.dotnetnuke.com/?error=yes

Output on home page :

A critical error has occurred.
yes
 
New Post 7/3/2008 7:36 AM
User is offline Jeff Cochran
1552 posts
5th Ranked


Re: Possible Special Parameter Vulnerability Found? 

What makes this a vulnerability?  Have you been able to do anything but parrot the text to the display?

Jeff
 
New Post 7/3/2008 9:03 AM
User is offline Sanjay Mehrotra
509 posts
www.acuitisolutions.com
8th Ranked




Re: Possible Special Parameter Vulnerability Found? 

Mark - just to humor me what exactly is the "vulnerability" you're describing in your post? 
Sanjay

 

AcuitiDP - Oracle Data Provider for DotNetNuke
 
New Post 7/4/2008 9:40 AM
User is offline Brandon Haynes
705 posts
brandonhaynes.org
7th Ranked


Re: Possible Special Parameter Vulnerability Found? 
Modified By Brandon Haynes on 7/4/2008 11:41:41 AM)

I think you'll find that the output is properly encoded and dangerous tags are removed.  Although I haven't looked specifically at the link you posted, I expect it to be no more vulnerable than http://www.google.com/search?q=BrandonHaynes.org

Brandon

Edit: Sometimes I can't spell.

Brandon Haynes
BrandonHaynes.org
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  Possible Special Parameter Vulnerability Found?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


DNN SEO
Seablick Consulting specializes in DNN search engine optimization (SEO), DNN consulting, as well as support & training.
seablick.com 		Intura Vision / Intura Enterprise
Point-of-Sale and business management applications targeted towards quick service, fast casual and delivery-based restaurant concepts.
www.intura.com 		Dnaxp.Net
Dnaxp.Net offers a comprehensive base of information, resources, and support for DotNetNuke.
www.dnaxp.net

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP