Results 1 to 6 of 6
  1. #1
    Join Date
    Oct 2000
    Posts
    567

    Perl expert, need help..Matt's board script hole..

    Hi all,

    I'm using Matt's wwwboard http://www.scriptarchive.com/wwwboard.html and it seems that someone can easily hijacked the board simply put an HTTP refresh header command into the subject into a new thread so my board will automatically go to a porn site everytime someone load it.

    I'm not a perl expert, can someone help me to create a sub routine so everytime the 'subject' value contains a REFRESH word and the script will not post it?

    Thanks in advance.

  2. #2
    Join Date
    Jan 2005
    Location
    UK
    Posts
    94
    Why not remove any html tags from the subject?

    You're lucky they did not inject the <plaintext> tag.
    Please, call me RoF

    Cheap - Affordable Resellers - http://www.gazzin.com

  3. #3
    Join Date
    Jan 2003
    Posts
    1,715
    Is that dinosaur still around? It's one giant security hole. With two browser windows and some timing, you can blank the board. You should get a setup on one of the free message board sites -- more features, less problems.
    Game Servers are the next hot market!
    Slim margins, heavy support, fickle customers, and moronic suppliers!
    Start your own today!

  4. #4
    Hahaha the demo of that doesnt work lol http://www.scriptarchive.com/demos/w.../wwwboard.html

  5. #5
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    If you really want to keep using wwwboard, change to the nms version. I've not tried it but generally these programs are compatible with Matt's originals and much better written...

    nms-cgi.sourceforge dot net/scripts.shtml

  6. #6
    I would second the suggestion to use another board software. There are any number of them that are free out there. You can check out cgi.resource-index.com and php.resource-index.com for some GOOD free scripts.
    Game control panels - control your game world your way. Server-Genie.com
    http://www.server-genie.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •