MyBB 1.10 New CrossSiteScripting ' member.php '

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MyBB 1.10 New CrossSiteScripting ' member.php '
From: o.y.6@xxxxxxxxxxx
Date: 12 Apr 2006 19:29:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --//

Webattack :-
        
/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url="><script>alert(1);</script>

//-- FixIT --//

        Open member.php
    GoTo Line :- 1030 ..


        if($mybb->input['url'])
                        {
                                redirect($mybb->input['url'], 
$lang->redirect_loggedin);
                        }


        Replace It With

                if($mybb->input['url'])
                        {
                redirect(htmlspecialchars($mybb->input['url']), 
$lang->redirect_loggedin);
                        }
//-- --//

Prev by Date: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2
Next by Date: SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
Previous by thread: Re: phpMyAdmin 2.7.0-pl1
Next by thread: SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
Index(es):
- Date
- Thread