miniBB ®

miniBB

®
Support Forums		   
 · Start · Sign in · Register · Search · Statistics · File Bank · Manual ·
Bugs miniBB Support Forums / Bugs /  
 

Minibb 2.2a XSS Vulnerability

 
Author GAMeovER
Partaker		 #1 · Posted: 2 May 2008 15:27
Description: miniBB is a bulletin board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "whatus" parameter of the "bb_admin" script. miniBB version 2.2a is affected.
http://www.securityfocus.com/archive/1/491375

Author Paul
Lead Lead Developer		 #2 · Posted: 3 May 2008 07:37
This issue won't work because

1) admin's script won't pass you to the area until you sign-in as admin (except of course you as admin will hack your forum - but why you should do this :)

2) admin's script should be renamed for security reasons and it's not always named as bb_admin.php.

Anyway we will take it into attention and fix it in the next release when we are ready to go. Thanks.

Bugs miniBB Support Forums / Bugs /
 Minibb 2.2a XSS Vulnerability
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message
  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.

Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 
 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.