Sunday, August 01, 2010
  
 
DNNSpired Forums
 
New Post 8/20/2008 11:45 AM
Unresolved
Speedster

Security Issue  (United Kingdom)

Hi,

Our security scan showed that if you enter the following

http://....../default.aspx?au_iframe=www.microsoft.com

you will get through to the Microsoft website through the ds_autosize iFrame. Is there any way of controlling what URLs are allowed through the querystring?

Thanks

New Post 8/20/2008 12:44 PM
David Dyer

Re: Security Issue  (United States)

Currently this is not available. You can disable the feature in the configuration of the module, to prevent the iframe from using the query string feature.

New Post 8/21/2008 12:22 PM
Speedster

Re: Security Issue  (United Kingdom)

Hi,

We need the feature to enter URLs but we wouldn't want other people to edit the URL property. Are there any plans on improving this security issue?

Thanks

New Post 2/15/2010 4:58 AM
Supahoopsa

Re: Security Issue  (United Kingdom)

Our latest security audit has also highlighted this problem.

It is possible to change the AU_IFRAME parameter and inject an alternative URL or even script.

Does the latest version of the AutoSize iFrame module have ways of validating/restricting this parameter?

If not, are there plans to address this issue soon?
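
One way to restrict the `au_iframe` query-string value on the server before it reaches the iframe `src`, shown as an added example (it is not code from the AutoSize iFrame module or from any poster in this thread). The class name, the allowlisted hosts and the sample inputs are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

public static class IframeSourceValidator
{
    // Hypothetical allowlist: the only hosts the site owner wants framed.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "reports.example.com",
            "intranet.example.com"
        };

    // Returns a normalized absolute URL if the au_iframe value is permitted,
    // or null so the caller falls back to the URL set in the module settings.
    public static string Resolve(string auIframe)
    {
        if (string.IsNullOrEmpty(auIframe)) return null;
        string candidate = auIframe.Trim();

        // Accept scheme-less values such as "www.microsoft.com" by retrying as http.
        Uri uri;
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out uri) &&
            !Uri.TryCreate("http://" + candidate, UriKind.Absolute, out uri))
            return null;

        // Only web schemes: rejects javascript:, data:, file: and similar.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
            return null;
        // No embedded credentials ("allowed-host@other-host" confusion).
        if (uri.UserInfo.Length != 0) return null;
        // Exact host match; substring or prefix checks are bypassable.
        if (!AllowedHosts.Contains(uri.Host)) return null;

        // Caller must still HTML-attribute-encode this before writing src="...".
        return uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed inputs; the second is the value from the scan in the first post.
        string[] samples = { "reports.example.com/sales", "www.microsoft.com",
                             "javascript:alert(1)", "http://reports.example.com@evil.example/" };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, Resolve(s) ?? "(rejected)");
    }
}
```

The validator fails closed: anything it cannot parse, or whose host is not an exact allowlist match, yields `null` and the module's configured URL is used instead.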

 