<<< Date Index >>>     <<< Thread Index >>>

Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS



Here's the solution:

After you have installed the shoutbox please modify the file sboxDB.php.

Please search for
Code:
                 
Code: [Select]
// handle special characters
$content = addslashes($piph . $content);

and replace this with

Code:

            
Code: [Select]
// handle special characters
$content = addslashes($piph . $content);

// enquote html and script code to avoid html/javascript injection
$content = htmlentities($content, ENT_QUOTES);