miniBB ®
 
miniBB Community Forum
 | Forums | File Bank | Sign Up | Reply | Search | Statistics | Manual |
Captcha Addon for miniBB Fight the automated spam - protect your miniBB-forums, getting the Captcha add-on!
Bugs miniBB Community Forum / Bugs /
Short link for this topic:

Minibb 2.2a XSS Vulnerability
Author GAMeovER
Forums Member
#1 | Posted: 2 May 2008 15:27
Description: miniBB is a bulletin board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "whatus" parameter of the "bb_admin" script. miniBB version 2.2a is affected.
http://www.securityfocus.com/archive/1/491375
Author Paul
CEO
#2 | Posted: 3 May 2008 07:37
This issue won't work because

1) admin's script won't pass you to the area until you sign-in as admin (except of course you as admin will hack your forum - but why you should do this :)

2) admin's script should be renamed for security reasons and it's not always named as bb_admin.php.

Anyway we will take it into attention and fix it in the next release when we are ready to go. Thanks.
Bugs miniBB Community Forum / Bugs / Minibb 2.2a XSS Vulnerability Top
Your Reply Click this icon to move up to the quoted message
» Username  » Password 
You are welcome to post anonymously by entering a nickname with no password (if that nickname has not been taken by another member) or by leaving both fields empty. If you have a forums membership account, you can also sign in from this page without posting a message, or sign in and post at once.

Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

 
miniBB Community Forum Powered by Free Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts