SECURITYVULNS:DOC:12220
History: Apr 14, 2006 - 12:00 a.m.

MyBB 1.10 New Cross-Site Scripting ' member.php '

Published 2006-04-14 00:00:00 on vulners.com

//-- MyBB 1.10 New Cross-Site Scripting ' member.php ' --//

Web attack :-
/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url="><script>alert(1);</script>

//-- FixIT --//

    Open member.php
    Go to line 1030:

        // vulnerable: the raw 'url' parameter flows straight into the redirect page
        if($mybb->input['url'])
        {
            redirect($mybb->input['url'], $lang->redirect_loggedin);
        }


    Replace it with:

        // fixed: HTML-escape the parameter before it is embedded in the page
        if($mybb->input['url'])
        {
            redirect(htmlspecialchars($mybb->input['url']), $lang->redirect_loggedin);
        }
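The following is an added example, not MyBB's code: it uses a simplified stand-in for a redirect page that embeds the target URL in an HTML attribute (a meta refresh, assumed here for illustration), and shows the difference between the raw interpolation the advisory describes and the htmlspecialchars fix. It also adds a stricter same-site path check, which goes beyond the advisory's fix and is an assumption of this example, not part of the original patch.

```php
<?php
// Added example, not MyBB's redirect(): a constructed stand-in that embeds
// the target URL in an HTML attribute, the context the advisory's payload
// breaks out of.

// Vulnerable form: the raw parameter is interpolated into the HTML page.
function render_redirect_vulnerable(string $url): string
{
    return '<meta http-equiv="refresh" content="0;url=' . $url . '">';
}

// Hardened form: escape for the HTML attribute context.
// ENT_QUOTES also escapes single quotes, which the default flags of old PHP
// versions left untouched; the charset is given explicitly.
function render_redirect_safe(string $url): string
{
    $escaped = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<meta http-equiv="refresh" content="0;url=' . $escaped . '">';
}

// Stricter option (assumption, not the advisory's fix): accept only
// site-relative paths, so the value is neither markup nor an off-site URL.
// Rejects protocol-relative "//host" and backslash variants.
function is_local_path(string $url): bool
{
    return preg_match('#^/(?![/\\\\])[^\s]*$#', $url) === 1;
}

// Constructed input mirroring the shape of the advisory's payload.
$payload = '"><script>alert(1);</script>';

echo "vulnerable: ", render_redirect_vulnerable($payload), "\n";
echo "hardened:   ", render_redirect_safe($payload), "\n";

foreach (['/mybb/index.php', '//evil.example/', $payload] as $candidate) {
    echo str_pad($candidate, 32), ' local path: ',
        is_local_path($candidate) ? 'yes' : 'no', "\n";
}
```

Escaping makes the value inert in the HTML context it is written into; it does not by itself stop the page from redirecting to an attacker-chosen site, which is why a redirect parameter is usually also restricted to local paths as the last function shows.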

//-- --//