Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Re: Simple Machines Forum (SMF) XSS issue
Oct 21 2006 07:00AM
mrapples gmail com
(1 replies)
Good find on this.
Here is the fix I applied:
Find on line ~85 in Sources/Search.php:
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = stripslashes($v);
}
Change to:
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = RemoveXSS(stripslashes($v));
}
The RemoveXSS function is taken from the following site:
http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php
I hope that handles all the issue related to this.
[ reply ]
Re: Simple Machines Forum (SMF) XSS issue
Oct 22 2006 06:06PM
RSnake (rsnake shocking com)
Privacy Statement
Copyright 2009, SecurityFocus
Here is the fix I applied:
Find on line ~85 in Sources/Search.php:
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = stripslashes($v);
}
Change to:
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = RemoveXSS(stripslashes($v));
}
The RemoveXSS function is taken from the following site:
http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php
I hope that handles all the issue related to this.
[ reply ]