miniBB Support Forums
|
Forums
|
Register
|
Reply
|
Search
|
Statistics
|
Manual
|
miniBB Support Forums
/
Bugs
/
Minibb 2.2a XSS Vulnerability
GAMeovER
Registered
#1
|
Posted: 2 May 2008 15:27
Description: miniBB is a bulletin board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "whatus" parameter of the "bb_admin" script. miniBB version 2.2a is affected.
http://www.securityfocus.com/archive/1/491375
Paul
CEO
#2
|
Posted: 3 May 2008 07:37
This issue won't work because
1) admin's script won't pass you to the area until you sign-in as admin (except of course
you as admin will hack your forum
- but why you should do this :)
2) admin's script should be renamed for security reasons and it's not always named as bb_admin.php.
Anyway we will take it into attention and fix it in the next release when we are ready to go. Thanks.
miniBB Support Forums
/
Bugs
/ Minibb 2.2a XSS Vulnerability
↑
Top
Your Reply
Short link for this topic:
?
You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.
Before posting, make sure your message is compliant with our
forum posting rules
. If not, it may be locked or deleted with no explanation.
News & Announcements
FAQ
How To
Bugs
The Other
Official Addons and Solutions
Custom Tutorials and Modifications
Master Class
Specific
Re-cycled
Suggestions
Testimonials
qwerty
Features
Requirements
Demo
Download
Showcase
Gallery of Arts
Compiler
Premium Extensions
Premium Support
License
Contacts
Extend your miniBB-forums, attaching the images and files,
get the
File and Picture Attachments add-on
!
