15 years on The Web
miniBB ® miniBB®
miniBB Support Forums
 | Forums | Register | Search | Statistics | Manual |
Bugs miniBB Support Forums / Bugs /   

2 XSS?

Author Guest
#1 | Posted: 1 Oct 2008 12:11 
I just saw this thread on another forum.

There are two XSS flaws in the latest miniBB 2.2

Cookie changing (Use a cookie editor): miniBBsite=>"><ScRiPt %0A%0D>alert(402967245059)%3B</ScRiPt>

XSS[2]: index.php?action=search&step=>"><ScRiPt %0A%0D>alert(XSStexthere)%3B</ScRiPt>&userto=USERIDHERE

Are these possible and if so, whats the fix?

Author Paul
Lead Developer
#2 | Posted: 1 Oct 2008 12:14 | Edited by: Paul 
It would good if you provide URL to that forum. I don't understand what this means and what effect it could have.

Author Guest
#3 | Posted: 1 Oct 2008 12:17 

thats where I saw it. you need to register to view that post

Author Paul
Lead Developer
#4 | Posted: 1 Oct 2008 12:26 
Right now I've got reply from the hack's author. I will do a conversation with him and post results later. By now I truly don't see what's the sense of these "hacks".

Author Paul
Lead Developer
#5 | Posted: 2 Oct 2008 09:59 
I hope it's fixed in 2.2b now (though the issue with cookie is under deep doubt); and the first one related to a Captcha module only.

Bugs miniBB Support Forums / Bugs / 2 XSS? Top
This topic is closed. New replies are not allowed.
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
Try the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
Captcha Addon for miniBB