Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS Mar 21 2008 08:36PM
vermsky motomoddinguk info
Here's the solution:

After you have installed the shoutbox please modify the file sboxDB.php.

Please search for

Code:

// handle special characters
$content = addslashes($piph . $content);

and replace this with

Code:

// handle special characters
$content = addslashes($piph . $content);

// enquote html and script code to avoid html/javascript injection
$content = htmlentities($content, ENT_QUOTES);
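
Added example, not part of the original post and not code from the shoutbox mod: it runs constructed shout text through the original line, through the patched pair of lines, and through the same patch with ENT_COMPAT instead of ENT_QUOTES, to show what each leaves in the stored value. The function names and sample strings are hypothetical, and $piph is assumed to be an empty prefix.

```php
<?php
// Illustration only: function names are hypothetical, not from sboxDB.php.

// Original behaviour: backslash-escaping only, markup is stored untouched.
function shout_original(string $piph, string $content): string
{
    return addslashes($piph . $content);
}

// Patched behaviour from the post. $flags is a parameter here only so the
// effect of ENT_QUOTES can be compared with ENT_COMPAT.
function shout_patched(string $piph, string $content, int $flags = ENT_QUOTES): string
{
    $content = addslashes($piph . $content);
    return htmlentities($content, $flags);
}

// True when no character that can open a tag or close an attribute survives.
function markup_free(string $stored): bool
{
    return strpbrk($stored, "<>\"'") === false;
}

// Constructed sample shouts (not taken from the advisory).
$samples = [
    '<script>alert(1)</script>',
    "it's a \"quoted\" <b>shout</b>",
];

foreach ($samples as $s) {
    $variants = [
        'original          ' => shout_original('', $s),
        'patched ENT_QUOTES' => shout_patched('', $s),
        'patched ENT_COMPAT' => shout_patched('', $s, ENT_COMPAT),
    ];
    printf("input: %s\n", $s);
    foreach ($variants as $label => $stored) {
        printf("  %s  %-55s markup-free: %s\n",
            $label, $stored, markup_free($stored) ? 'yes' : 'no');
    }
}
```

Only the ENT_QUOTES variant is markup-free for both samples: the original line stores the tags as typed, and ENT_COMPAT leaves the single quote unencoded.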

Copyright 2010, SecurityFocus