1
Bananadude
Feed Injection in Web 2.0

One new feature of "Web 2.0", the movement to build a more responsive Web, is the utilization of XML content feeds which use the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without needing to visit the site in question, basically providing users with a summary of that site's content. Unfortunately, many of the applications that receive this data do not consider the security implications of using content from third parties and unknowingly make themselves and their attached systems susceptible to various forms of attack.

This white paper discusses various forms of attacks based on Web feeds that follow the RSS, Atom and XML standards. This paper does not extensively cover each XML element and its usage within Web-based feeds, nor does it address other vulnerability scenarios such as buffer overflows and other XML-specific risks. The goal of this paper is to outline the risks of lesser-known threats which are currently emerging on the Web utilizing Cross-Site Scripting.

Read it at
http://www.spidynamics.com/assets/documents/HackingFeeds.pdf
--- censored by Bananadude ---
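
The consuming side of the risk described in the abstract above, as an added example that is not taken from the white paper or from the post: a feed reader that treats every RSS field as untrusted text, HTML-escapes it before rendering, and only links to http(s) URLs. The sample feed, the host name and the function names are constructed for illustration; markup in descriptions is shown as text rather than passed through an HTML allowlist.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed: one benign item, one carrying script in every field.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item>
  <title>Release notes</title>
  <link>https://feeds.example.org/notes</link>
  <description>Plain &lt;b&gt;summary&lt;/b&gt; text</description>
</item>
<item>
  <title>&lt;script&gt;alert(1)&lt;/script&gt;</title>
  <link>javascript:alert(1)</link>
  <description>&lt;img src=x onerror=alert(1)&gt;</description>
</item>
</channel></rss>"""

ALLOWED_SCHEMES = {"http", "https"}

def safe_link(url):
    """Return the URL only if it is an absolute http(s) link, else None."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return None

def render_item(item):
    """Render one <item> as HTML, treating every feed field as untrusted text."""
    title = html.escape(item.findtext("title", default=""), quote=True)
    body = html.escape(item.findtext("description", default=""), quote=True)
    link = safe_link(item.findtext("link", default=""))
    if link:  # items with a rejected link are still shown, just without an anchor
        title = '<a href="%s" rel="noopener nofollow">%s</a>' % (
            html.escape(link, quote=True), title)
    return "<li>%s<p>%s</p></li>" % (title, body)

def render_feed(xml_text):
    """Parse an RSS 2.0 document and return an HTML list of its items."""
    root = ET.fromstring(xml_text)
    return "<ul>%s</ul>" % "".join(render_item(i) for i in root.iter("item"))

if __name__ == "__main__":
    print(render_feed(SAMPLE_RSS))
```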



2
Bananadude
Re: I have an unusual sound when some pages load
  • 2006/2/21 9:12

  • Bananadude

  • Not too shy to talk

  • Posts: 155

  • Since: 2005/9/16


I had the same issue earlier, but it has nothing to do with Xoops.
Put on some music in the background and visit a random site where you have to scroll a bit; if you get the screechy noise then too, it may have something to do with your soundcard or the installation of it, I think.
If the sound is back to normal when you restart your computer and try the scrolling again, you shouldn't worry too much about it. Besides, music effects like screeching are cool too

Best Regards,
Bananadude
--- censored by Bananadude ---



3
Bananadude
Re: Free Webhosts
  • 2006/1/3 22:15



Quote:

Bender wrote:
Open a new thread with the initial posting and additionally a link to this pro and con thread for those who want to discuss, and clearly state in the new one to stay on topic (just listings). I will try to protect that thread from getting off its purpose then. (Drop me a PM if it does and I don't see it.)


hmm maybe another day, thanks for the support.

Best Regards,
Bananadude
--- censored by Bananadude ---



4
Bananadude
Re: Free Webhosts
  • 2006/1/3 21:50



blah blah blah .. *bananadude is singing a song because of all the complaining*
I never ever said that you must go for a free host, and a case like the one above about spyware has never happened to me or anyone else I know about.
The reason for posting this topic was not to discuss the credibility of free hosts, but to share trusty webhosts that work.

Not everyone is loaded with money; yeah, I know that many pay hosts are cheap, but most of them also have an establishment fee. If you, for example, are going to develop a webpage that takes you a year or so to finish, it would be just silliness to pay for it before it's finished.

Anyway, there are trusty free webhosts out there; whether you use one for a personal website, for developing or whatever is up to those who choose it. Not everyone wants to pay for a webhost, and it's difficult to find trusty free webhosts - that was the only reason for posting this topic.
If you don't like free hosts or don't want to give them a try, then don't; there's no one who says what you have to do.

It's true that you can't expect everything with a free webhost, but many don't want everything either, and it's not only 10 year old kids talking about their dolls who choose free hosting.

I don't want to start a "fight", it was just for helping, but sorry then..

Best Regards
Bananadude
--- censored by Bananadude ---



5
Bananadude
Re: Problem with module webstat, please help me :-(
  • 2005/12/26 19:06



It's not the template.html you have to paste the code in, but in theme.html
Go to themes\TheThemeYouUse\theme.html

find
<td id="footerbar">


and paste the following below it:
<{if $xoops_isadmin != 1}>
<script type="text/javascript">
<!--
// Load a 1x1 tracking image; screen size, colour depth, referrer and page go in the query string
var istat = new Image(1,1);
istat.src = "http://YOUR_XOOPS_SITE_URL/modules/istats/include/counter.php?sw="+screen.width+"&sc="+screen.colorDepth+"&refer="+encodeURIComponent(document.referrer)+"&page="+encodeURIComponent(location.href);
//-->
</script>
<{/if}>

(replace YOUR_XOOPS_SITE_URL)


But wouldn't it be easier to just add the script in footer from the admin-menu?
Log in to your admin-panel, go to preferences and choose footer. If it works, then you don't have to add it to any of your theme.html

Best Regards,
Bananadude
--- censored by Bananadude ---



6
Bananadude
Re: User Usage Stats
  • 2005/12/26 18:33



no more info about PHP-Stats?
Anyway, if anyone is interested; NetTracker 7.5 Lite seems to be a great statistic tool.

Download:
http://www.nettrackerlite.com/download/

Demo:
http://www.nettrackerlite.com/demo/reports/index.html

Kind regards,
Bananadude
--- censored by Bananadude ---



7
Bananadude
Re: Help, Please
  • 2005/12/26 18:25



I think that the sql-error can be solved by updating the Profile module, go to modules in the adminpanel and choose update for the Profile module.

Best Regards,
Bananadude
--- censored by Bananadude ---



8
Bananadude
Re: Merry Christmas to all!
  • 2005/12/25 15:22



Happy Holidays everyone!

I didn't get any bananamash
--- censored by Bananadude ---



9
Bananadude
Re: Mainfile.php Read-Only?
  • 2005/12/24 11:11



Make a new file and add the following to it:
<?php // make mainfile.php read-only for owner, group and others
chmod("mainfile.php", 0444);


save it as whateverYouWant.php, upload it to the root of your Xoops-directory and call it from your browser.

You should also read the topic What are the correct file permissions?

Best Regards,
Bananadude
--- censored by Bananadude ---



10
Bananadude
Re: Help, Please
  • 2005/12/22 15:42



Go to http://www.rightlinks.co.uk/portal/user.php
log in to your control panel, enable phpdebug from system preferences, go back to the index and see if you get any errors/warnings.

Best Regards,
Bananadude
--- censored by Bananadude ---



