DiosNosLibre.com Forum Index
A forum for jerks
 

Why not HTML?¿

 
zipo.migas
Promiscuous promoter

Joined: 24 Oct 2006
Posts: 213

Posted: Wed Dec 27, 2006 9:05 am    Post subject: Why not HTML?¿

I'd like to enable HTML, why can't I?
Or... how do I enable it?
BBCode is fine, but I prefer HTML...

Thanks for your cooperation, CHE!!!
_________________
WATCH OUT! I want to get off...

help a just cause!!!!
N3m0
The French Guy

Joined: 28 Jul 2005
Posts: 1619
Location: A. Brocco, esq. L. Alonsoperez

Posted: Wed Dec 27, 2006 11:37 am    Post subject:

This was already discussed in another topic, I don't remember which one... The real problem is that with HTML enabled, the forum becomes too "hackable".
zipo.migas
Promiscuous promoter

Joined: 24 Oct 2006
Posts: 213

Posted: Wed Dec 27, 2006 12:16 pm    Post subject:

Huh? Hackable???
That doesn't exist in Uruguay, CHE!
Seriously, though: hackable in what way? I don't understand :cry:
_________________
WATCH OUT! I want to get off...

help a just cause!!!!
Cacho_LaGarza
Successor of Norris

Joined: 21 Jul 2005
Posts: 4549
Location: Morro Morro Land, Silent Hill

Posted: Wed Dec 27, 2006 12:18 pm    Post subject:

N3m0 wrote:
problem is that with HTML enabled, the forum becomes too "hackable".

Yes, something like that: you make the forum "vulnerable" for no good reason. There's nothing special you can do with HTML and not with BBCode... (well, embedding Flash maybe... we'd have to get a mod for [flash] tags)
_________________
Poop.
zipo.migas
Promiscuous promoter

Joined: 24 Oct 2006
Posts: 213

Posted: Wed Dec 27, 2006 12:20 pm    Post subject:

I still don't get it: if HTML is enabled, does the forum explode?
Stop using so many quotation marks and explain yourselves, CHE!!1
_________________
WATCH OUT! I want to get off...

help a just cause!!!!
Xobra
The Dude

Joined: 21 Oct 2006
Posts: 1945
Location: With your sister...

Posted: Wed Dec 27, 2006 12:35 pm    Post subject:

zipo.migas wrote:
Huh? Hackable???
That doesn't exist in Uruguay, CHE!
Seriously, though: hackable in what way? I don't understand :cry:

It's safer for the site and for the person visiting the site; the explanation would be an HTML course plus some scripting language.
_________________
Signature violated by Imageshack
zipo.migas
Promiscuous promoter

Joined: 24 Oct 2006
Posts: 213

Posted: Wed Dec 27, 2006 12:47 pm    Post subject:

I don't think so; there are countless secure forums that use HTML. BBCode is for beginners. There are millions of applications in HTML, it's true, but it seems to me very unlikely that it gets to the point of being insecure.
_________________
WATCH OUT! I want to get off...

help a just cause!!!!
Cacho_LaGarza
Successor of Norris

Joined: 21 Jul 2005
Posts: 4549
Location: Morro Morro Land, Silent Hill

Posted: Wed Dec 27, 2006 1:41 pm    Post subject:

In 99% of the PhpBB forums I know, the use of HTML tags is not allowed.

Quote:
PHPBB IMG Tag HTML Injection Vulnerability

PhpBB is prone to an HTML injection vulnerability. This is due to the application failing to properly sanitize user-supplied input.

The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user.

This issue was reported to affect phpBB version 2.0.7, however, earlier versions may also be vulnerable.

http://www.securityfocus.com/bid/12008/discuss

Quote:
Exploit Targets New phpBB 2.0.18 Security Hole

An exploit has been released for a new security hole in phpBB 2.0.18, the popular web forum software. The attack has the potential to compromise any phpBB 2.0.18 installation that has enabled the use of HTML in forum messages, a setting which is disabled in the default configuration. Allowing HTML in forms poses a security risk, but is popular with forum participants and thus may be activated by some web site operators. The vulnerability in version 2.0.18 was featured on security sites Monday, and exploit code is now in the wild, according to the Internet Storm Center, which noted that "an exploit has been posted in several places that will do brute force dictionary attacks to get the passwords of phpBB users." The exploit can be defended if phpBB's "Allow HTML" and register_globals settings are both disabled.

Some web hosts have banned the use of phpBB, citing ongoing security problems. Hackers often seek out vulnerabilities in forum software, which typically offers many fields that all must check input to detect malicious code.

PHP, an open source server-side scripting language, is widely used to power web applications that connect with databases such as MySQL, and is commonly bundled with shared hosting accounts offered by web hosting providers. phpBB is among the web's most popular bulletin board programs, with more than 224,000 registered members of its user forum. A number of web hosts offer phpBB as an account add-on that can easily be installed by users.

http://www.phpbb.com/phpBB/viewtopic.php?t=352572

_________________
Poop.
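
Added example (not part of the original thread, and not phpBB's own code): a minimal sketch of why a forum renders BBCode instead of raw HTML. Everything the user types is escaped first, and only a small whitelist of BBCode tags is turned into markup chosen by the server. The function names, the tag whitelist and the sample post are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample post (not from the thread): raw HTML plus BBCode.
SAMPLE = ('<script>document.title="x"</script>\n'
          '[b]hola[/b] [url=javascript:void(0)]a[/url] '
          '[url=http://example.com/?a=1&b=2]b[/url]')

# Hypothetical whitelist: BBCode tag -> HTML element the server emits.
SIMPLE_TAGS = {"b": "strong", "i": "em", "u": "u"}
URL_RE = re.compile(r"\[url=([^\[\]\s]+)\](.*?)\[/url\]", re.I | re.S)
IMG_RE = re.compile(r"\[img\]([^\[\]\s]+)\[/img\]", re.I)

def safe_url(escaped_url):
    """Return the (still escaped) URL if it is absolute http(s), else None."""
    try:
        parts = urlsplit(html.unescape(escaped_url))
    except ValueError:
        return None
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return escaped_url
    return None

def render_post(text):
    """Escape everything the user typed, then expand whitelisted BBCode."""
    # Step 1: <, >, & and quotes become entities, so typed HTML is inert.
    out = html.escape(text, quote=True)
    # Step 2: only these tags turn into markup, and the server picks it.
    for bb, tag in SIMPLE_TAGS.items():
        out = re.sub(rf"\[{bb}\](.*?)\[/{bb}\]", rf"<{tag}>\1</{tag}>",
                     out, flags=re.I | re.S)

    def link(m):
        url = safe_url(m.group(1))
        if url is None:          # e.g. javascript: stays visible as text
            return m.group(0)
        return f'<a href="{url}" rel="nofollow">{m.group(2)}</a>'

    def image(m):
        # An http(s) image is still third-party content the forum does
        # not control, which is the limit the quoted IE discussion notes.
        url = safe_url(m.group(1))
        return f'<img src="{url}" alt="">' if url else m.group(0)

    out = IMG_RE.sub(image, URL_RE.sub(link, out))
    return out.replace("\n", "<br>\n")
```

With "Allow HTML" enabled, step 1 is exactly what gets skipped, so the script tag in the sample would reach every reader's browser as live markup.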
zipo.migas
Promiscuous promoter

Joined: 24 Oct 2006
Posts: 213

Posted: Wed Dec 27, 2006 2:08 pm    Post subject:

Cacho_LaGarza wrote:
In 99% of the PhpBB forums I know, the use of HTML tags is not allowed.

Quote:
PHPBB IMG Tag HTML Injection Vulnerability

PhpBB is prone to an HTML injection vulnerability. This is due to the application failing to properly sanitize user-supplied input.

The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user.

This issue was reported to affect phpBB version 2.0.7, however, earlier versions may also be vulnerable.

http://www.securityfocus.com/bid/12008/discuss

Quote:
Exploit Targets New phpBB 2.0.18 Security Hole

An exploit has been released for a new security hole in phpBB 2.0.18, the popular web forum software. The attack has the potential to compromise any phpBB 2.0.18 installation that has enabled the use of HTML in forum messages, a setting which is disabled in the default configuration. Allowing HTML in forms poses a security risk, but is popular with forum participants and thus may be activated by some web site operators. The vulnerability in version 2.0.18 was featured on security sites Monday, and exploit code is now in the wild, according to the Internet Storm Center, which noted that "an exploit has been posted in several places that will do brute force dictionary attacks to get the passwords of phpBB users." The exploit can be defended if phpBB's "Allow HTML" and register_globals settings are both disabled.

Some web hosts have banned the use of phpBB, citing ongoing security problems. Hackers often seek out vulnerabilities in forum software, which typically offers many fields that all must check input to detect malicious code.

PHP, an open source server-side scripting language, is widely used to power web applications that connect with databases such as MySQL, and is commonly bundled with shared hosting accounts offered by web hosting providers. phpBB is among the web's most popular bulletin board programs, with more than 224,000 registered members of its user forum. A number of web hosts offer phpBB as an account add-on that can easily be installed by users.

http://www.phpbb.com/phpBB/viewtopic.php?t=352572


As you'll see, it continues after that:

Quote:
You can not design for problems you do not know about. Internet Explorer has a bug that will allow someone to send it an "image" that is really a program, and compromise it. PHPBB tries to fix that by limiting what can appear in an IMG tag, but it isn't enough - if someone has access to a server, you can build a legal URL that will look like an image file (no script references or other suspicious content), even be verifiable to contain an image when checked, and yet still send a compromise program to a real IE user. How is this PHPBB's fault? How does taking a "corporate attitude" towards the problem fix Internet Explorer?

You can only protect IE users by eliminating any possibility of anyone other than yourself providing content to your site. You can not provide links to external pages or images, especially those that can be provided by others; if it isn't on your server, you don't control it, and you can not protect IE users from it. It's as simple as that.

The problem is that "the world wide web" is all about links, and that's where the security of Internet Explorer falls apart. It's too trusting of content - if I send a file "bob.jpg" to IE, and it's really an executable, IE will execute it, rather than deciding it's a bad JPG file. Oops! Fix PHPBB!

IE has so many flaws that have yet to be discovered (or publicised) that it could be years before everyone "protects" IE users "enough", but Microsoft keeps introducing new flaws, with each new version. Can you tell me what the PHPBB development team will need to change in PHPBB to be ready to protect IE 7 users?

_________________
WATCH OUT! I want to get off...

help a just cause!!!!
GaaRa
The Preacher

Joined: 22 Jul 2005
Posts: 2900

Posted: Wed Dec 27, 2006 3:27 pm    Post subject:

This has already been discussed, and it was decided that it stays disabled, so take this:

LOCK
All times are GMT - 3 Hours

 