minibb®
Fight the automated spam - protect your miniBB-forums,
getting the Captcha addon! Click here to read more.		Captcha Addon for miniBB
Community Forum
 | Forums | File Bank | Sign Up | Search | Statistics | Manual |
Bugs miniBB Community Forum / Bugs /

2 XSS?
 
Guest
#1 | Posted: 1 Oct 2008 12:11
I just saw this thread on another forum.

There are two XSS flaws in the latest miniBB 2.2

Cookie changing (Use a cookie editor): miniBBsite=>"><ScRiPt %0A%0D>alert(402967245059)%3B</ScRiPt>


XSS[2]: index.php?action=search&step=>"><ScRiPt %0A%0D>alert(XSStexthere)%3B</ScRiPt>&userto=USERIDHERE

Are these possible and if so, whats the fix?
Paul
CEO
#2 | Posted: 1 Oct 2008 12:14 | Edited by: Paul
It would good if you provide URL to that forum. I don't understand what this means and what effect it could have.
Guest
#3 | Posted: 1 Oct 2008 12:17
http://h4cky0u.org/viewtopic.php?f=2&t=30205

thats where I saw it. you need to register to view that post
Paul
CEO
#4 | Posted: 1 Oct 2008 12:26
Right now I've got reply from the hack's author. I will do a conversation with him and post results later. By now I truly don't see what's the sense of these "hacks".
Paul
CEO
#5 | Posted: 2 Oct 2008 09:59
I hope it's fixed in 2.2b now (though the issue with cookie is under deep doubt); and the first one related to a Captcha module only.
 
This topic is closed. You can't post a reply.
 
Online now: Guests - 38
Members - 0 		Most users ever online: 191 [24 Dec 2007 14:33]
Guests - 191 / Members - 0

Forums are powered by miniBB®