vb.org Archive

Why is HTML in forums so dangerous? (https://vborg.vbsupport.ru/showthread.php?t=118320)

twobob 07-02-2006 06:59 AM

Hi Guys

So the security issue is about someone with HTML posting access, posting something nasty - not about viewing HTML from someone trusted?

(I.e. - if I'm the only one to post in HTML, then are there any security issues to worry about?)

Also, if I have some HTML (e.g. IFRAME) within the post, why won't it print? (i.e. - I see my HTML image within my post, but not when I try to print it!).

Thanks for your help

twobob

sydude 07-07-2006 04:22 PM

Quote:

Originally Posted by SirAdrian
People can steal your cookie information, then load it into their browser and be logged in as you. They can also post harmful content (movies, images, etc). If they were to post <base> tags or iframes, they can muck up all your links or load other sites in your pages.

JavaScript is probably the biggest concern, but there are many other annoyances.

Stealing the cookie information and logging in as another user (especially an admin) is the only item that really scares me; I'm not concerned about the others. How difficult is it for someone to do that? I don't need details (I don't want anyone that doesn't already know how to do it to learn), but I'd like to know if this is something that can be done by anyone with decent computer skills, or if it's something that is possible only by an NSA-level hacker. I'm not concerned with the latter.
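An added example (not part of the thread, and not vBulletin code): the defender's side of the risks named in the quoted post, in Python. It flags the elements and attributes that make a raw HTML post unsafe, escapes the post body so it is shown as text, and builds a session cookie header with HttpOnly so page script cannot read the cookie. All function names, hostnames and sample posts are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Elements behind the risks in the quoted post: script execution, <base>
# rewriting relative links, and frames/plugins loading other sites' content.
RISKY_TAGS = {"script", "base", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action"}

class PostAudit(HTMLParser):
    """Collects reasons a submitted post body must not be emitted as raw HTML."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag in RISKY_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):  # event-handler attributes run script
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def audit_post(body):
    parser = PostAudit()
    parser.feed(body)
    parser.close()
    return parser.findings

def render_post(body):
    """Safe default: every character of the post is displayed as text."""
    return escape(body, quote=True)

def session_cookie_header(name, value):
    # HttpOnly hides the cookie from page script; Secure limits it to HTTPS.
    return f"Set-Cookie: {name}={value}; Path=/; HttpOnly; Secure"

# Constructed sample posts (not taken from the thread).
SAMPLE_POSTS = {
    "plain": "<b>Hello</b> and <i>welcome</i>",
    "base": '<base href="https://other.example/">See <a href="faq.php">the FAQ</a>',
    "frame": '<iframe src="https://other.example/page"></iframe>',
    "script": "<script>/* would run with the reader's session */</script>",
    "handler": '<img src="x.png" onerror="/* script */">',
}

if __name__ == "__main__":
    for label, body in SAMPLE_POSTS.items():
        print(label, audit_post(body), render_post(body), sep=" | ")
    print(session_cookie_header("session_id", "constructed-value"))
```

The audit only explains why a post is risky; the protection comes from escaping the output and from the HttpOnly flag, not from the tag list.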

Dr.Viggy 07-07-2006 08:03 PM

Thanks for the info, everyone. I had been wondering the same thing.

kafi 11-27-2006 09:40 AM

Do I understand this issue correctly if I think:

- that the threat comes only from users who input HTML in the post, causing the harm

OR

- certain broken HTML can become a hole that can be used (misused) by spammers for such purposes (in this case a trusted usergroup can also do harm...??? if their HTML is open, broken, etc.)

UncoderMom 01-15-2007 05:01 PM

I thought VB fixed the cookie theft issue in PHP?

