Forum Home Forum Home > Site News, Newbies, Help and Improvements > Report bugs here
  New Posts New Posts RSS Feed - Download denied
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Download denied
 Post Reply Post Reply Page  <12
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
wiz_d_kidd View Drop Down
Forum Senior Member
Forum Senior Member
Avatar

Joined: January 13 2018
Location: EllicottCityMD
Status: Offline
Points: 1423 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wiz_d_kidd Quote  Post ReplyReply Direct Link To This Post Posted: October 06 2022 at 06:42
I'm not sure how this website works, but the root infection might actually be in the code that generates and updates the pages your browser receives. Removing the bad script from the output pages might not fix the problem, if it gets added again then next time the page refreshes.

So far, this is the status of the pages I'm aware of:

Main - not infected
Forums - infected
Prog Rock Guides - infected
Log In - not infected
Prog Radios - not infected
Prog Links - not infected
FAQ - infected
About Us - not infected

The bad script occurs multiple times on some of these pages, not just once.
“I don’t like country music, but I don’t mean to denigrate those who do. And for those who like country music, denigrate means to ‘put down.'” – Bob Newhart
Back to Top
wiz_d_kidd View Drop Down
Forum Senior Member
Forum Senior Member
Avatar

Joined: January 13 2018
Location: EllicottCityMD
Status: Offline
Points: 1423 		Post Options Post Options   Thanks (0) Thanks(0)   Quote wiz_d_kidd Quote  Post ReplyReply Direct Link To This Post Posted: October 06 2022 at 10:08
Apparently PA uses Web Wiz Forums software, version 11.01 (released 10 Sep 2014). The latest version is 12.05 (released 18 Jan 2022). I did a search for Web Wiz vulnerabilities, and found that many versions, beginning with v6.34 and extending thru v10.03, were identified as having vulnerability to cross-site scripting (XSS) attacks. That's a lot of versions for which they never fixed the problem, and it still might be present in v11.01.

https://www.cvedetails.com/cve/CVE-2006-0175/
https://www.exploit-db.com/exploits/28589
https://vulmon.com/searchpage?q=web+wiz+forum
https://www.nmmapper.com/st/exploitdetails/37678/36689/web-wiz-forums-multiple-cross-site-scripting-vulnerabilitiesdownload/



Edited by wiz_d_kidd - October 06 2022 at 10:10
“I don’t like country music, but I don’t mean to denigrate those who do. And for those who like country music, denigrate means to ‘put down.'” – Bob Newhart
Back to Top
chopper View Drop Down
Special Collaborator
Special Collaborator
Avatar
Honorary Collaborator

Joined: July 13 2005
Location: Essex, UK
Status: Offline
Points: 20029 		Post Options Post Options   Thanks (0) Thanks(0)   Quote chopper Quote  Post ReplyReply Direct Link To This Post Posted: October 06 2022 at 12:13
PA is well behind in its version of the forum software but I don't suppose it's going to get upgraded any time soon since M@x seems to have abandoned it. I'm thinking PA is dying a slow death now, at some point the forum software will stop working (it's probably out of support now).
Back to Top
Nogbad_The_Bad View Drop Down
Forum & Site Admin Group
Forum & Site Admin Group
Avatar
RIO/Avant/Zeuhl & Eclectic Team

Joined: March 16 2007
Location: Boston
Status: Offline
Points: 20837 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Nogbad_The_Bad Quote  Post ReplyReply Direct Link To This Post Posted: October 06 2022 at 12:29
That's what I'm watching.
Ian

Host of the Post-Avant Jazzcore Happy Hour on Progrock.com

https://podcasts.progrock.com/post-avant-jazzcore-happy-hour/
Back to Top
 Post Reply Post Reply Page  <12

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.106 seconds.
Donate monthly and keep PA fast-loading and ad-free forever.