MyBB Community Forums

Full Version: HELP ME FIX XSS
I tampered with the data and it didn't work. The new image is generated on the new page, thus you can only get what you posted if you edit the actual HTML using something like Firebug. Unless you're explaining it wrong, this is nothing but bogus.
I tested this multiple times and it doesn't seem to work; instead it refreshes the CAPTCHA image. I even tried on the normal login page, but it didn't give me any popout.

I asked the owner of capitalcorporation to post a list of their plugins on this thread.
I'm the owner of the forum, and these are the plugins I'm currently using:

- Additional Usergroup Images
- Donation Page
- Easy Refer
- FAPCOR
- Forum Icons
- Fit on Page
- Force Postbit Layout
- MyBB Go Mobile
- Goodbye Spammer
- Google SEO
- IP Login History
- My Ad Manager
- My Awards
- My Permissions
- No Search Forum Exclusion
- OUGC Character Count Enhancement
- Reg Security Question
- Report Once
- Sig Image Size
- Stop Self Rating
- Tagging Plugin
- Thread Open Close Self
- Trash Can Forum
- Username History
- Welcome Email/PM
- View Member Reported Posts
A JavaScript popup does not always mean an XSS. XSS = Cross Site Scripting. I'm pretty sure I recall the same report you have going around a year or so ago and it was dismissed then as well because it can't be exploited from another site. It will only generate to the user.

It's like saying because there is an SQL error that there is an SQL Injection exploit.

From what I see and from what the team members are saying, you should be fine.

btw...can your friend reproduce on other MyBB forums?
(2013-01-28, 06:56 PM) labrocca wrote: A JavaScript popup does not always mean an XSS. XSS = Cross Site Scripting. I'm pretty sure I recall the same report you have going around a year or so ago and it was dismissed then as well because it can't be exploited from another site. It will only generate to the user.

It's like saying because there is an SQL error that there is an SQL Injection exploit.

From what I see and from what the team members are saying, you should be fine.

btw...can your friend reproduce on other MyBB forums?
Maybe I used another script, but the steps were exactly the same!
I can't understand.
I don't think you understand our messages. Even if it displays such a popup box, it doesn't do any harm to any other user.
It's a trick. Not an exploit or vulnerability that will negatively affect your users or produce a security breach.