MyBB Community Forums

Full Version: Registration vulnerable to XSS
Hi friends

Right now my forum was hacked when some user registered with a username with JavaScript code, and my forum was redirecting to a frame to a particular site.
The code was invisible in the profile or admin panel at the username; the mod "prostat" showed me the username with JavaScript code in the stat.
To fix it I deleted the user.
So you are kindly requested to fix it :)
I was sure this issue was fixed in MyBB 1.6.5?
If it was executed from the Prostat plugin then it's an issue with that specific plugin, not MyBB.
@Nathan Malcolm it was not a mod issue, sorry for my bad English. I just mean to say the code didn't execute in the prostat table; I can see the code in the prostat table, that's it.
@euantor I am using the latest version, 1.6.5.
Can you post the code that was used?

For future reference you should report security issues via the contact form.
Sorry, I don't remember, but it was <script scr="http://www.wholesaleengravablegifts.com"></script>. The redirection was disabled when JavaScript was off in my browser.
MyBB doesn't allow such usernames to be registered. Do you have the Facebook Connect plugin installed?
Yes, I have installed fb connect
(2012-01-03, 05:40 PM) 3agl3 3y3 wrote: Yes, I have installed fb connect

There's the problem. The fb connect plugin is, from memory, known to be vulnerable to this type of attack.
Oh thanks, thank you for helping me. I will fix it.
And by the way, I have also installed the Twitter plugin; is it vulnerable to this type of attack too?