miniBB Support Forums

miniBB 2.2b release and Captcha add-on updates (minor security fixes)

Author Paul
Lead Developer
#1 | Posted: 2 Oct 2008 09:58 
As was recently reported in the security issue provided by 'Rino', miniBB can be exploited to execute intrusive JavaScript code.

I personally think that, despite their theory, these issues are very vague and hard to imitate in practice. Anyway, caring about secure software, we weren't brave enough to ignore them and made the following updates:

1) In the Human Authorization (Captcha) add-on, there is a minor update in the addon_authorize.php file. Please note we didn't change the version of the add-on because this issue doesn't affect any kind of new development in this add-on. Premium customers will just need to download the version from their downloads area and overwrite this file.

2) In the miniBB core, there is an update to the function called getMyCookie in the bb_cookie.php file. The new condition will now strictly deny any kind of cookie containing < or > signs (which are required in order to plant executable JavaScript); previously, there was a security fix only removing clear slashes in the username.

These issues have very low practical importance; however, I hope they will be appreciated by followers of hacking theory ;-)
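
Added example, not part of the thread and not miniBB's code: a PHP sketch of the kind of check post #1 describes for getMyCookie, where a cookie containing < or > is denied outright rather than cleaned. The cookie name, the `username|hash` layout, the function names and the extra length, control-byte and output-encoding steps are assumptions for illustration.

```php
<?php
// Added illustration; NOT miniBB source. The "username|hash" cookie layout and
// all function names below are assumptions made for this example.

/**
 * Return the parsed cookie, or null if the value must be rejected.
 * Follows the rule described in the post: any '<' or '>' denies the cookie.
 */
function readForumCookie(array $cookies, string $name): ?array
{
    // Missing cookie, or a non-string value (PHP can deliver array-valued cookies).
    if (!isset($cookies[$name]) || !is_string($cookies[$name])) {
        return null;
    }
    $raw = $cookies[$name];

    // Strict deny instead of stripping characters: a cleaned value is still untrusted.
    if (strpbrk($raw, '<>') !== false) {
        return null;
    }
    // Added hardening (not from the post): refuse oversized values and control bytes.
    if (strlen($raw) > 256 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $parts = explode('|', $raw, 2);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    return ['username' => $parts[0], 'hash' => $parts[1]];
}

/** Encode at output time so quotes cannot break out of an HTML attribute either. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample cookie jars: a valid value, one with markup, one array-valued.
$samples = [
    ['forumCookie' => 'alice|5f4dcc3b'],
    ['forumCookie' => '<b>alice</b>|5f4dcc3b'],
    ['forumCookie' => ['x']],
];
foreach ($samples as $jar) {
    $c = readForumCookie($jar, 'forumCookie');
    echo $c === null ? "rejected\n" : 'Welcome, ' . h($c['username']) . "\n";
}
```

Only the first constructed sample is accepted; the other two are rejected before any value reaches page output.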

Author Rino
#2 | Posted: 2 Oct 2008 11:29 
I was the one who found these two flaws. They are fixed now and I am reading the miniBB source to see if there are more flaws.

Author Paul
Lead Developer
#3 | Posted: 2 Oct 2008 11:36 | Edited by: Paul 
Thank you Rino, once again. Don't hesitate to mention any credit you want.

Author lvalics
#4 | Posted: 11 Oct 2008 15:52 
How do I get the new version?
I paid for this some time ago.

Author Paul
Lead Developer
#5 | Posted: 13 Oct 2008 03:06 
If you don't have access to our customers' downloads area, contact us providing your order number, and we will send them by email.
