TUCoPS :: Web BBS :: Frequently Exploited :: b06-1595.htm

MyBB 1.10 New CrossSiteScripting ' member.php '
MyBB 1.10 New CrossSiteScripting ' member.php '
MyBB 1.10 New CrossSiteScripting ' member.php '


//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --//

Webattack :-
	/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url=">

//-- FixIT --//

	Open member.php
    GoTo Line :- 1030 ..


        if($mybb->input['url'])
			{
				redirect($mybb->input['url'], $lang->redirect_loggedin);
			}


        Replace It With

   		if($mybb->input['url'])
			{
		redirect(htmlspecialchars($mybb->input['url']), $lang->redirect_loggedin);
   			}
//-- --//

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH