miniBB Support Forums
|
Forums
|
Register
|
Search
|
Statistics
|
Manual
|
miniBB Support Forums
/
Bugs
/
2 XSS?
Guest
#1
|
Posted: 1 Oct 2008 12:11
I just saw this thread on another forum.
There are two XSS flaws in the latest miniBB 2.2
Cookie changing (Use a cookie editor): miniBBsite=>"><ScRiPt %0A%0D>alert(402967245059)%3B</ScRiPt>
XSS[2]: index.php?action=search&step=>"><ScRiPt %0A%0D>alert(XSStexthere)%3B</ScRiPt>&userto=USERIDHERE
Are these possible and if so, whats the fix?
Paul
CEO
#2
|
Posted: 1 Oct 2008 12:14
|
Edited by: Paul
It would good if you provide URL to that forum. I don't understand what this means and what effect it could have.
Guest
#3
|
Posted: 1 Oct 2008 12:17
http://h4cky0u.org/viewtopic.php?f=2&t=30205
thats where I saw it. you need to register to view that post
Paul
CEO
#4
|
Posted: 1 Oct 2008 12:26
Right now I've got reply from the hack's author. I will do a conversation with him and post results later. By now I truly don't see what's the sense of these "hacks".
Paul
CEO
#5
|
Posted: 2 Oct 2008 09:59
I hope it's
fixed in 2.2b now
(though the issue with cookie is under deep doubt); and the first one related to a
Captcha module
only.
miniBB Support Forums
/
Bugs
/ 2 XSS?
↑
Top
This topic is closed. New replies are not allowed.
News & Announcements
FAQ
How To
Bugs
The Other
Official Addons and Solutions
Custom Tutorials and Modifications
Master Class
Specific
Re-cycled
Suggestions
Testimonials
qwerty
Features
Requirements
Demo
Download
Showcase
Gallery of Arts
Compiler
Premium Extensions
Premium Support
License
Contacts
Enrich your miniBB-forums content,
creating public files storage with the
File Bank add-on
!
