[geeklog-devel] Forums hack

Joe Mucchiello joe at ThrowingDice.com
Mon May 21 22:29:07 EDT 2007


There's an annoying forum hack plaguing www.geeklog.net. I'm posting 
here, rather than directly to Dirk, so Blaine finds out too.

Apparently no filtering is being done on the anonymous author. 
Someone figured this out and put a meta-equiv command as their name 
to refresh. Of course the whole refresh didn't fit in the database, so 
you just get an error. But every occurrence of that "name" reloads 
the bad URL. This includes the "last ten posts" on the home page, and 
on the forum page, whatever forum contains the bad name causes the 
list of forums to reset. Here's the offending line. Thankfully the 
refresh was set to "1;".

<a class="tooltip" style="text-decoration:none;" 
href="http://www.geeklog.net/forum/viewtopic.php?showtopic=76496"><span 
style="left:50px;"><br>Started by:,<meta http-equiv="refresh" 
content="1; URL=www.gre,05/21/07 18:49 PM<br>Views:7, Replies:0<br></span></a>

Dirk, you might want to update the aname field on the topic before 
deleting the record. See if there's anything else interesting about 
whoever posted this.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
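
Added illustration, not Joe's code or Geeklog's own PHP: a Python sketch of the rendering bug described above (the stored author name dropped into the "Started by:" line unescaped) beside the hardened form, plus an audit check over stored names like the aname field he mentions. The sample rows, including the truncated meta refresh, are constructed here; the field and function names are assumptions.

```python
import html
import re

# Constructed sample rows standing in for the forum topic table.
# Row 2 mirrors the injected name from the quoted line (truncated by the
# column length, so the tag is never closed); row 3 is an ordinary tag.
SAMPLE_TOPICS = [
    {"id": 1, "aname": "Joe Mucchiello", "date": "05/21/07 18:49 PM",
     "views": 12, "replies": 3},
    {"id": 2, "aname": '<meta http-equiv="refresh" content="1; URL=www.gre',
     "date": "05/21/07 18:49 PM", "views": 7, "replies": 0},
    {"id": 3, "aname": "<b>Bold Bob</b>", "date": "05/21/07 19:02 PM",
     "views": 1, "replies": 0},
]

def render_started_by_unfiltered(topic):
    """Vulnerable pattern: the stored name is interpolated into HTML as-is,
    so an injected <meta refresh> fires on every page that lists the topic."""
    return (f'Started by: {topic["aname"]}, {topic["date"]}'
            f'<br>Views:{topic["views"]}, Replies:{topic["replies"]}')

def render_started_by_escaped(topic):
    """Hardened form: HTML-escape the untrusted name at output time.
    quote=True also neutralises the attribute quotes in the injected tag."""
    return (f'Started by: {html.escape(topic["aname"], quote=True)}, '
            f'{topic["date"]}<br>Views:{topic["views"]}, '
            f'Replies:{topic["replies"]}')

# Any tag start, even one cut off by the column length (no closing '>').
TAG_START_RE = re.compile(r"<\s*/?[a-zA-Z]")
# Specifically a meta refresh, the case from the report.
META_REFRESH_RE = re.compile(r"<\s*meta\b[^>]*http-equiv\s*=\s*[\"']?refresh", re.I)

def flag_suspicious_names(topics):
    """Audit check over stored rows: (id, reason) for every name carrying
    markup, so the bad aname values can be found and fixed before deletion."""
    findings = []
    for topic in topics:
        name = topic["aname"]
        if META_REFRESH_RE.search(name):
            findings.append((topic["id"], "meta refresh"))
        elif TAG_START_RE.search(name):
            findings.append((topic["id"], "html tag"))
    return findings

if __name__ == "__main__":
    for topic in SAMPLE_TOPICS:
        print(render_started_by_escaped(topic))
    print(flag_suspicious_names(SAMPLE_TOPICS))
```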