Jump to content
toblix

Just testing if ILDE THUMBS IS BROKEN! [It's not]

Recommended Posts

Hello?

If this works, I'll try editing...

edit: If this works, I'm sorry.

Share this post


Link to post
Share on other sites

I tried to edit another post of mine (to insert a hilarious edition), but no matter what I did, I got an error ("forbidden love"). I was just testing if the whole edit post system was broken, or if it was just my admittedly pedophile post addition that was detected.

Share this post


Link to post
Share on other sites

There is a minor bug...You have to click on "Edit" twice for it to work, otherwise if you move the mouse around the cursor turns into the "Busy" icon.

Share this post


Link to post
Share on other sites

No I've been getting those forbidden messages too, when psoting new threads or replying... not sure what it is though...

Share this post


Link to post
Share on other sites

that was so weird, it seems it wouldn't let me post the phrase 'bargain / kill' with the spaces either side of the backslash removed.

Try it yourself!

Share this post


Link to post
Share on other sites

Oh crap, I just posted my thoughts on the matter in the Fallout thread. Looks like vBulletin parses some commands preceded by a slash or something. The "bargain" bit is irrelevant. However, observe:

/kill?

/kill

Share this post


Link to post
Share on other sites

oh the smilie thing is just a minimum character count. Add a couple spaces before and after and it should be fine. Or post two smilies :tup:

Share this post


Link to post
Share on other sites

testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...testing.... testing.... testing... testing...

It's still not working.

Share this post


Link to post
Share on other sites
So is this a false positive from the input sanitiser? What happens if I put in some html like this

<b>Bold text</b>

EDIT: Nope, worked fine :erm:

You'd hope that that would return something other than a server error. Besides, the following are all fine:

/k

/kil

/killing

I'm pretty sure it's a specific keyword.

Share this post


Link to post
Share on other sites
Seriously, I can't post a smilie. Fucking server is prejudiced or some shit.

Did you install ScriptBlock for Firefox recently and forget to whitelist the site? :erm:

Share this post


Link to post
Share on other sites
You'd hope that that would return something other than a server error. Besides, the following are all fine:

/k

/kil

/killing

I'm pretty sure it's a specific keyword.

Oh you get a sever error? My guess then is that the input sanitiser isn't working.

/kill

probably terminates the process on the server.

Share this post


Link to post
Share on other sites
Oh you get a sever error? My guess then is that the input sanitiser isn't working.
/kill

probably terminates the process on the server.

Yeah, that's kind of what I was guessing in the Fallout thread where this came up. It seems weird that not only are the contents of the post not properly sanitized, they're also executed. Then again, I don't know much beyond the basics of web development. Or programming in general.

Share this post


Link to post
Share on other sites

Maybe it's being interpreted as a command line argument as the message is being passed between programs? Kill on it's own wouldn't do anything so it's not a command being executed.

Share this post


Link to post
Share on other sites

I'm assuming idlethumbs is using mod_security

This is a quite standard error message created by mod_security when one of it's protections is triggered.

There is probably a config entry for mod_security like this:

SecFilterSelective THE_REQUEST "/bin/kill"

For example, this also breaks stuff:

/chsh

/gcc

/ping

Share this post


Link to post
Share on other sites
Did you install ScriptBlock for Firefox recently and forget to whitelist the site? :erm:

Nope, no scriptblock... I might try a different browser though. :shifty:

*or not, maybe it's fixed :erm:

Share this post


Link to post
Share on other sites
I'm assuming idlethumbs is using mod_security

This is a quite standard error message created by mod_security when one of it's protections is triggered.

There is probably a config entry for mod_security like this:

SecFilterSelective THE_REQUEST "/bin/kill"

For example, this also breaks stuff:

/chsh

/gcc

/ping

Cool. Now I'm going to look up mod_security.

Oh, an Apache thing. Yeah, I don't know too much about that sort of thing at all. Maybe one day I'll properly learn some stuff.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×