Normal Topic Form SPOOFING in YaBB (Read 8087 times)
Martin_W
Senior Member
****
Offline


I love YaBB 1G - SP1.2!

Posts: 463
Location: Devon
Joined: Jun 22nd, 2005
Gender: Male
Form SPOOFING in YaBB
Jan 18th, 2009 at 3:28pm
I am writing a small script that opens a window which contains a small form.

When I submit the form, I get this message:

"Error: ALERT!! Form Spoofing Detected coming from IP address: xxx"

I thought this message would come up if the submitted form was coming from a different URL?

I am not finding it easy to troubleshoot this!

The form action I am using is "$scripturl?action=mynewsub"

Any pointers?
  
Martin_W
Re: Form SPOOFING in YaBB
Reply #1 - Jan 18th, 2009 at 3:44pm
OK, adding the below to my form has worked, but I am sure it is not the correct way to do things!?!?!?!

<input type="hidden" name="formsession" value="$mbname$username">
  
deti
Full Member
***
Offline


YaBB is the best!!!

Posts: 101
Location: Prien am Chiemsee
Joined: Mar 13th, 2008
Re: Form SPOOFING in YaBB
Reply #2 - Jan 18th, 2009 at 5:20pm
In Subs.pl you find this:

Code
	$output =~ s~</form>~<input type="hidden" name="formsession" value="$formsession" /></form>~g; 



  

Was immer Du tun kannst
oder erträumst tun zu können,
beginne es.
Kühnheit besitzt Genie,
Macht und magische Kraft.
Beginne es jetzt.
Whatever you can do
or dream you can,
begin it.
Boldness has genius,
power and magic in it.
Begin it now.
Johann Wolfgang Goethe
Martin_W
Re: Form SPOOFING in YaBB
Reply #3 - Jan 18th, 2009 at 5:45pm
Thanks.

Still not sure what I am meant to do?
  
deti
Re: Form SPOOFING in YaBB
Reply #4 - Jan 18th, 2009 at 7:15pm
Martin_W wrote on Jan 18th, 2009 at 5:45pm:
Still not sure what I am meant to do?

To avoid form spoofing, the actual formsession must be transmitted. So, if you run the output through the sub in Subs.pl you must do nothing; if your output goes extra, then add the <input ..>-tag from inside the RegEx inside your <form ... >...</form>.
  

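The mechanism discussed in this thread, as an added example that is not part of the thread and not YaBB's own code: an output filter appends a hidden formsession field to every form, and the submission handler rejects any post whose field is missing or was issued for another session. The HMAC derivation, the secret, the session ids and the sub names are assumptions made for the illustration; the thread does not show how YaBB computes its value.

```perl
# Added illustration, not YaBB source. Names marked "hypothetical" are assumptions.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SERVER_SECRET = 'constructed-demo-secret';   # hypothetical; keep out of the web root

# Derive the per-session form token from a server-side secret and the session id.
sub form_token {
    my ($session_id) = @_;
    return hmac_sha256_hex($session_id, $SERVER_SECRET);
}

# Output filter in the style of the Subs.pl line quoted in the thread: every form
# that passes through it gets the hidden field inserted before its closing tag.
sub inject_token {
    my ($output, $token) = @_;
    $output =~ s~</form>~<input type="hidden" name="formsession" value="$token" /></form>~g;
    return $output;
}

# Compare two tokens without stopping at the first differing character.
sub tokens_match {
    my ($got, $want) = @_;
    return 0 unless defined $got && length($got) == length($want);
    my $diff = 0;
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($want) - 1;
    return $diff == 0;
}

# Server-side check on submission (hypothetical handler).
sub check_submission {
    my ($params, $session_id) = @_;
    my $ok = tokens_match($params->{formsession}, form_token($session_id));
    return $ok ? 'accepted' : 'Form Spoofing Detected';
}

my $session = 'constructed-session-id-1234';     # constructed sample value
my $form    = '<form action="?action=mynewsub" method="post"><input name="note" /></form>';

# Case 1: popup form written straight to the browser, bypassing the filter (no hidden field).
print "unfiltered:    ", check_submission({ note => 'hi' }, $session), "\n";

# Case 2: the same form run through the filter; the token is read back out of the
# HTML, as a browser would post it.
my ($posted) = inject_token($form, form_token($session)) =~ /name="formsession" value="([0-9a-f]+)"/;
print "filtered:      ", check_submission({ note => 'hi', formsession => $posted }, $session), "\n";

# Case 3: a token that was issued for a different session.
print "other session: ", check_submission({ formsession => form_token('someone-else') }, $session), "\n";
```

A value an outsider can compute from public facts, such as a board name plus a username, does not stop a forged cross-site post, which is why this sketch keys the token to a server-side secret.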