miniBB Support Forums | 16 years on The Web

Minibb 2.2a XSS Vulnerability

Author GAMeovER
#1 | Posted: 2 May 2008 15:27 
Description: miniBB is a bulletin board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "whatus" parameter of the "bb_admin" script. miniBB version 2.2a is affected.

Author Paul
Lead Developer
#2 | Posted: 3 May 2008 07:37 
This issue won't work because

1) admin's script won't pass you to the area until you sign in as admin (except, of course, if you as admin hack your forum - but why should you do this :)

2) admin's script should be renamed for security reasons and it's not always named bb_admin.php.

Anyway, we will take it into account and fix it in the next release when we are ready to go. Thanks.
