Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Why is HTML in forums so dangerous?
FAQ Community Calendar Today's Posts Search

Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #11  
Old 07-02-2006, 06:59 AM
twobob's Avatar
twobob twobob is offline
 
Join Date: Mar 2006
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hi Guys

So the security issue is about someone with HTML posting access, posting something nasty - not about viewing HTML from someone trusted?

(Ie - if I'm the only one to post in HTML, then are there any security issues to worry about?)

Also, if I have some HTML (eg IFRAME) within the post, why won't it print? (ie - I see my HTML image within my post, but not when I try to print it!).

Thanks for your help

twobob
Reply With Quote
  #12  
Old 07-07-2006, 04:22 PM
sydude's Avatar
sydude sydude is offline
 
Join Date: Aug 2004
Location: New York
Posts: 41
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by SirAdrian
People can steal your cookie information, then load it into their browser and be logged in as you. They can also post harmful content (movies, images, etc). If they were to post <base> tags or iframes, they can muck up all your links or load other sites in your pages.

Javascript is probably the biggest concern, but there many other annoyances.
Stealing the cookie information and logging in as another user (especially an admin) is the only item that really scares me, I'm not concerned about the others. How difficult is it for someone to do that? I don't need details (I don't want anyone that doesn't already know how to do it to learn), but I'd like to know if this is something that can be done by anyone with decent computer skills, or if it's something that is possible only by an NSA level hacker. I'm not concerned with the latter.
Reply With Quote
  #13  
Old 07-07-2006, 08:03 PM
Dr.Viggy Dr.Viggy is offline
 
Join Date: Apr 2006
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
thanks for the info everyone. i had been wondering the same thing.
Reply With Quote
  #14  
Old 11-27-2006, 09:40 AM
kafi kafi is offline
 
Join Date: Apr 2004
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Do I understand this issue correctly if I think:

- that threat comes only from users that will input html in the post causing the harm

OR

- certain broken html can become a hole that can be used (missued) by SPAMers for such purposes (in this case also trusted usegroup can do harm...??? if their html is open, broken etc.)
Reply With Quote
  #15  
Old 01-15-2007, 05:01 PM
UncoderMom UncoderMom is offline
 
Join Date: May 2006
Location: My office chair!
Posts: 567
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I thought VB fixed the cookie theft issue in php?
Reply With Quote
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 08:11 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08018 seconds
  • Memory Usage 2,200KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete