Ravens PHP Scripts: Forums
 

 

Andrzej
Hangin' Around



Joined: Jan 22, 2004
Posts: 31

Posted: Thu Aug 05, 2004 11:21 pm

Hello,

Using your wonderful Sentinel, I get almost every day a mail that hackers couldn't get what they want. So thanks for a great security tool.

Last day one user got a problem of banning after sending a story to a friend (not with the first send, but with the fifth or sth).

He was banned, but after some hours he was able to see the page.

The link sent to me was
Code:


Query String: prawica.net/modules.php?name=News&file=friend&op=StorySent&title=Fa%B3szerstwo+koronnego+dowodu+%28V%29&fname=Gazeta+Wyborcza
Forwarded For: none


I couldn't find sth like that through searching the Forums. Did you know this problem?
Is it fixed in v. 2.0? (I want to upgrade)

Thanks for your work - GREAT!!!

Andrzej
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Thu Aug 05, 2004 11:56 pm

Don't know if we fixed it cause I don't see the problem, but you need to upgrade regardless ;)
 
Andrzej







Posted: Sun Aug 08, 2004 11:15 am

I upgraded - VEEEERY nice progress. :)

But my problem remains :? It doesn't occur when I send to a friend, but when sb uses a "strange" (%22) character.

I receive such an email:

Code:
Reason: Abuse-Script

--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Query String: [ Only registered users can see links on this board! Get registered or login! ]
StorySent&fname=%22Midrasz%22
Forwarded For: none
Client IP: none
Remote Address: 62.87.189.132
Remote Port: 3325
Request Method: GET


What to do?

Andrzej
 
Raven







Posted: Sun Aug 08, 2004 12:58 pm

%22, I believe, is a " mark. Neither nuke nor Sentinel allow " marks in query strings. That's how scripting attacks occur.
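
The behaviour described in the last reply, as an added example that is not part of the original thread and not NukeSentinel's own code: a simplified blanket check that rejects any query string containing a " mark (literal or `%22`), shown beside per-value output encoding. The function names and the sample query strings are constructed for illustration.

```php
<?php
// Added example: a simplified blanket query-string check (hypothetical,
// not NukeSentinel's source) next to per-value output encoding.

// Hypothetical helper: report whether a raw query string contains a
// double quote, either literal or percent-encoded as %22.
function query_has_double_quote(string $rawQuery): bool
{
    // rawurldecode() turns %22 into " without treating + as a space.
    return strpos(rawurldecode($rawQuery), '"') !== false;
}

// Hypothetical helper: encode one value for use in HTML text or inside
// a quoted attribute, so a " cannot end the attribute early.
function html_safe(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests modelled on the query strings quoted in
// the thread (the title parameter is left out for brevity).
$samples = [
    'name=News&file=friend&op=StorySent&fname=Gazeta+Wyborcza',
    'name=News&file=friend&op=StorySent&fname=%22Midrasz%22',
];

foreach ($samples as $raw) {
    parse_str($raw, $params);   // decodes %22 and + for each value
    $verdict = query_has_double_quote($raw) ? 'BLOCK' : 'allow';
    printf("%-5s fname=%s  rendered as: %s\n",
        $verdict, $params['fname'], html_safe($params['fname']));
}
```

The blanket check cannot tell a quoted name in a story title from a script injection attempt, which is why an ordinary "send to a friend" link trips it. Encoding each value at output time handles the quote without rejecting the request.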
 
All times are GMT - 6 Hours
 