miniBB Support Forums | 15 years on The Web
miniBB ®

miniBB

®
 
 | Forums | Register | Reply | Search | Statistics | Manual |
Bugs miniBB Support Forums / Bugs /   
 

Minibb 2.2a XSS Vulnerability

 
Author GAMeovER
Partaker
#1 | Posted: 2 May 2008 15:27 
Description: miniBB is a bulletin board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "whatus" parameter of the "bb_admin" script. miniBB version 2.2a is affected.
http://www.securityfocus.com/archive/1/491375

Author Paul
Lead Developer
#2 | Posted: 3 May 2008 07:37 
This issue won't work because

1) admin's script won't pass you to the area until you sign-in as admin (except of course you as admin will hack your forum - but why you should do this :)

2) admin's script should be renamed for security reasons and it's not always named as bb_admin.php.

Anyway we will take it into attention and fix it in the next release when we are ready to go. Thanks.

Bugs miniBB Support Forums / Bugs /
 Minibb 2.2a XSS Vulnerability
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


 ?
You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

 
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
↑ TOP