Author |
Message |
|
Impossible, no. But unless you are going to start checking for DOM models using JavaScript then no, you cannot.
|
 |
|
Basically the email you sent is saying that the contents of that particular field are not checked nor altered and so anything can be put in there. With a little HTML or possibly PHP knowledge they could do small things. Remember the field in question is limited to 40 characters.
|
 |
|
I have just tested your guestbook and am pleased to announce that you are successfully patched.
|
 |
|
http://www.miamipremier.com/webCalendar/ works fine though but I would need to see the page with the iframe on.
|
 |
|
That's what I get from that link. The things I mentioned above are HTML and not PHP.
The above snippet you posted is for when you have chosen to have the calendar auto refresh.
|
 |
|
Yes I have found a few of these scripts around. My advice is report them to their hosts. As to the exploit it basically involves putting a certain string of characters into the password box of the admin login and then pressing enter. It basically bypasses the login procedure and fools the guestbook into believing you are already logged in.
|
 |
|
If we are talking a normal link then target="iframename" should work fine. If we are talking a form then place the target attribute in the form tag.
|
 |
|
AGcode, or as it is more commonly known BBcode, allows the posting of URLs by placing them between url tags as such:
[url]http://somesite.com[/url]
|
 |
|
You are running an unpatched version of Advanced Guestbook 2.2. Anyone can log in to your admin area. You need to patch ASAP. You will find instructions on how to patch in this forum or at http://www.carbonize.co.uk/Board/viewtopic.php?t=20
DO THIS NOW!
|
 |
|
Phoenix/Firebird/Firefox did not exist when the script in question was written. I have never looked at this script but I'm sure I could combine it with a browser detect script I have to increase its range.
|
 |
|
I wouldn't read too much into the browsers it says visitors use. Opera identifies itself as Internet Explorer by default and it is easy to alter the user agent sent by Mozilla based web browsers.
|
 |
|
You need to add some to the javascript and that should make it required for 99.99% of your visitors as they will get a warning. There is also some checking done in the script but this is only required if the user has javascript turned off or is using a browser that does not support it. I'll look into writing a mod for it but I'm tied up at present making a site for a client.
|
 |
|
Make sure you use the complete url in the url variables. and notand so forth for the rest of the url stuff.
|
 |
|
Sorry, I meant at the bottom of the Style section. You will find a setting called Server Time Zone Offset.
|
 |
|
In the General Settings of the admin section it has a box where you can put in the time difference between your server and your time.
|
 |
|