Re: XSS bypass in PHPNuke - FIX ?
Dec 20 2005 12:14AM
Paul Laudanski (zx castlecops com)
On Tue, 20 Dec 2005, SecurityReason - sp3x wrote:
> Hi Paul
> Do you have any idea how to fix or update the phpnuke filter against the XSS that my friend discovered?
> We were working with chaserv from nukefixes.com on this fix...
> But as you wrote on bugtraq, the fix is not very good...
> Any idea for a good fix?
> BTW: is http://castlecops.com working with the phpnuke team?
> just asking :)
Hi'ya, as per my previous post you can use htmlspecialchars or
htmlentities. So in this case take the query and run it through
    $query = htmlspecialchars($query);
... _before_ you do anything with it like displaying the query back to the
-- Paul Laudanski, Microsoft MVP Windows-Security
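
Added example, not part of the original post and not PHPNuke code: the htmlspecialchars step suggested above, applied at the point where a search query is written back into HTML, in both element text and a quoted attribute. The helper names h() and render_search_box() and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not PHPNuke code. h(), render_search_box() and the
// sample input are constructed for illustration.

// Encode for HTML at the point of output. ENT_QUOTES also encodes single
// quotes, which the pre-PHP-8.1 default (ENT_COMPAT) leaves untouched.
// Passing the charset explicitly avoids depending on the server default.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reflect the search term in two contexts: element text and a quoted
// attribute value. Both use the encoded value; the raw one is never echoed.
function render_search_box(string $query): string
{
    $safe = h($query);
    return "<p>Results for: {$safe}</p>\n"
         . "<input type='text' name='query' value='{$safe}'>\n";
}

// Constructed input containing markup, both quote styles and an ampersand.
$query = "<b>x</b> ' \" &";

echo render_search_box($query);

// The same value under ENT_COMPAT: the single quote is left as-is, which
// matters when the attribute is delimited with single quotes, as above.
echo htmlspecialchars($query, ENT_COMPAT, 'UTF-8'), "\n";
```

htmlspecialchars only covers HTML text and quoted attribute values; a value placed inside a script block, a URL or an unquoted attribute needs encoding for that context instead.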
Copyright 2010, SecurityFocus