Thread: [phpslash-users] Troll/exploit alert
From: Matt "TrollBoy" W. <tro...@sh...> - 2001-02-15 18:47:35

There is an exploit going around and is primarily hitting PHPNuke sites, but I wanted to make this known here.. the "hack" involves using a style sheet on a html parsed post to display an unpleasant background on that paragraph. Do we wanna go ahead and put some sorta filter on this until moderation comes out?

From the html of more than one phpnuke site:

<p style="background: url(http://goatse.cx/hello.jpg); width: 500px; height: 500px">Tee hee</p>

Matt "Trollboy" Wiseman
www.shoggoth.net/trollboy/trollboy.jpg
Tro...@sh...
"I wish the world had one throat!!" -Al Bundy

From: nathan r. h. <nh...@ar...> - 2001-02-15 21:42:55

On Thu, 15 Feb 2001, Matt "TrollBoy" Wiseman wrote:
> There is an exploit going around and is primarily hitting PHPNuke sites, but
> I wanted to make this known here.. the "hack" involves using a style sheet
> on a html parsed post to display an unpleasant background on that paragraph.
> Do we wanna go ahead and put some sorta filter on this until moderation
> comes out?
>
>
> From the html of more than one phpnuke site:
> <p style="background: url(http://goatse.cx/hello.jpg); width: 500px; height:
> 500px">Tee hee</p>
>

Doesn't seem to be an issue, phpslash currently seems to interpret HTML at extrans :)

-n

--
........
nathan hruby
Webmaster: UGA Department of Drama and Theatre
Project Maintainer: phpSlash, Carousel
nh...@ar...
........

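Added example, not part of the original thread and not phpSlash or PHPNuke code: one way to build the kind of filter asked about above, shown next to a tag-name-only filter that lets the style attribute through. The function name, the tag allowlist and the sample post (with a placeholder URL) are assumptions made for illustration.

```php
<?php
// Hypothetical allowlist: bare formatting tags only, no attributes at all.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'em', 'strong', 'blockquote'];

/**
 * Escape the whole post, then re-enable only attribute-free allowlisted tags.
 * A tag carrying style=, onmouseover= or any other attribute stays escaped
 * and is shown to readers as literal text instead of being rendered.
 */
function filter_post_html(string $raw): string
{
    // Step 1: nothing the poster typed is markup any more.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: turn back only exact matches such as <p>, </p>, <br> or <br/>.
    $names = implode('|', ALLOWED_TAGS);
    return preg_replace_callback(
        '~&lt;(/?)(' . $names . ')\s*/?&gt;~i',
        static fn (array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $escaped
    );
}

// Constructed sample post: same shape as the markup quoted in the thread,
// with a placeholder URL, followed by an ordinary paragraph.
$post = '<p style="background: url(http://example.invalid/bg.jpg); '
      . 'width: 500px; height: 500px">Tee hee</p>'
      . '<p>A <b>normal</b> paragraph.</p>';

// Weak: strip_tags() filters by tag name only, so attributes on an allowed
// tag (here the style attribute on <p>) pass through unchanged.
$weak = strip_tags($post, '<p><b>');

// Hardened: the styled <p> is neutralised; the bare <p> and <b> still render.
$safe = filter_post_html($post);

echo "strip_tags:  ", $weak, "\n";
echo "allowlisted: ", $safe, "\n";
```

The filter does not balance tags, so an unclosed <b> can still affect the rest of the page; closing open tags is a separate pass.
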
From: Mike G. <mi...@op...> - 2001-03-03 20:57:52

Hello,

I've written before about the mailing list. I thought that I had managed to fix the problem, but my client has informed me that this is still a problem. It is presently a small list (25), but they are hoping that it will get a lot larger. I pulled down the latest CVS and updated all of the php files in public_html.. It still isn't working though for some reason...

It just gives me the following:

Now ignoring abort calls...
Sending mail to the following users:
To: dgl...@is... Subject: Octopus Commentary for today (03/03/2001) -> Mail Sent Successfully!

This is actually the 3rd name on the list (as taken for phpMyAdmin):
6 dgl...@is... Deb 20010124235810

Anyone care to join the list and see if you get any info?
http://www.octopusbooks.org/discuss/mailinglistAdmin.php3

Also, I've noticed that comments to comments are no longer being kept. These seem to be written over each other in the database. Does this happen on anyone else's site? A testing board can be found here:
http://www.octopusbooks.org/discuss/article.php3?story_id=68

Thanks again for your help.

Mike

--
Mike Gifford, OpenConcept Consulting, http://openconcept.ca
Offering everything your organization needs for an effective web site.
Check Out The New Octopus Books http://octopusbooks.org
No problem can be solved with the same thinking that created it - A.Einstein

From: nathan r. h. <nh...@ar...> - 2001-03-03 21:18:02

----- Original Message -----
From: "Mike Gifford" <mi...@op...>
To: <php...@li...>
Sent: Saturday, March 03, 2001 1:05 PM
Subject: [phpslash-users] Mailing List & Comments

> Hello,
>
> I've written before about the mailing list. I thought that I had managed to fix
> the problem, but my client has informed me that this is still a problem. It is
> presently a small list (25), but they are hoping that it will get a lot larger.
> I pulled down the latest CVS and updated all of the php files in public_html..
> It still isn't working though for some reason...
>
> It just gives me the following:
>
> Now ignoring abort calls...
> Sending mail to the following users:
> To: dgl...@is... Subject: Octopus Commentary for today (03/03/2001) -> Mail
> Sent
> Successfully!
>
> This is actually the 3rd name on the list (as taken for phpMyAdmin):
> 6 dgl...@is... Deb 20010124235810
>
> Anyone care to join the list and see if you get any info?
> http://www.octopusbooks.org/discuss/mailinglistAdmin.php3
>
>

Uhh.. What are you choosing as options to when sending the headlines out? When people subscribe to the list they can choose when to receive headlines (daily, or weekly on a particular day..) So if you send out stuff on Friday only you'll only send mail to those who are subscribed to get mail on Fridays and every day (which in this case may or may not be 6th person in the db). The Mailing List stuff doesn't just walk through the subscriber table and send mail to every one. You can choose to override this by choosing the "Override Frequency" Option at the bottom of the newsletter form.

Now the Frequency Figuring Stuff is all kinds of crufty so this may be what's getting you (esp if the day is Sunday..) I have been using the mailing list to mail to real lists in Mailman and things have been fine so far, though I typically hit the Override Frequency and Override Dates Boxes just to be paranoid.

While I'm at it let me warn you about phpSlash mailing List module and scalability: It won't scale. There, I've said it, you'll hear no more from me about it for a while. My karma is clean.. I have done my Duty! :)

> Also, I've noticed that comments to comments are no longer being kept. These
> seem to be written over each other in the database. Does this happen on anyone
> else's site? A testing board can be found here:
> http://www.octopusbooks.org/discuss/article.php3?story_id=68
>

Yours is broken. However, I tried it on three different installs of phpslash (my personal site, work site, and a site that hasn't gone public yet so I can tell y'all :) all sites worked like a charm.. Dunno what the problem is but it seems very specific to your setup.. Can you try a clean install on the server to determine if it's an install issue or a server-wide issue? Check the LUT tables to see if they are screwy? php, MySQL, and apache versions?

-n

........
nathan hruby
Webmaster: UGA Department of Drama and Theatre
Project Maintainer: phpSlash, Carousel
nh...@ar...
........