Hello guys! A member of my forum found an XSS vuln while login in
-
He used temper data to change the imgstring query(captcha Query) while he login!
query he used: "/><ScRiPt>alert(String.fromCharCode(88,83,83))</ScRiPt>
HOW CAN I FIX THAT? Thanks everyone much apreciate it!
BUMP anyone can help?!
I need a solution ASAP! Its serious issue!
Can you tell us how it was done? What plugins do you have?
He done it with temper data(mozzila addon)!
He tried to login with right info and he changed the imgstring value with an xss script!
That it! Ill provide anythin!
What plugins do you use!
Can you provide a screenshot of the XSS!
Can you provide a link to your board!
We're trying to help you, so please co-operate with us and the MyBB Team!
Unless he can inject JavaScript into other users' page it is useless. I doubt he can do it via CAPTCHA, as far as I know your CAPTCHA is not shown to other users. And even if it was, it is generated by PHP, not based off some user input.
I may have misunderstood your post but I believe your member is just playing with you.
(2013-01-28, 06:14 AM)kamz89 Wrote: [ -> ]What plugins do you use!
Can you provide a screenshot of the XSS!
Can you provide a link to your board!
We're trying to help you, so please co-operate with us and the MyBB Team!
(2013-01-28, 10:50 AM)Pirata Nervo Wrote: [ -> ]Unless he can inject JavaScript into other users' page it is useless. I doubt he can do it via CAPTCHA, as far as I know your CAPTCHA is not shown to other users. And even if it was, it is generated by PHP, not based off some user input.
I may have misunderstood your post but I believe your member is just playing with you.
Im sure that he can inject code to other users as well!
XSS PICTURES:
![[Image: untitled.png]](https://camo.mybb.com/5e4d57447e22d26c1c3e9c428f811b5599ba820d/687474703a2f2f73312e706f7374696d6167652e6f72672f723065726c65696d332f756e7469746c65642e706e67)
![[Image: xss_cc_co.png]](https://camo.mybb.com/4880be483f370c0295b544320b3c696ae8ebb71e/687474703a2f2f73312e706f7374696d6167652e6f72672f66636b7071757468372f7873735f63635f636f2e706e67)
So what you're doing there is, you try to login and fail and without doing anything you get a javascript alert or did you change anything? (e.g. imagestring)
(2013-01-28, 11:53 AM)Pirata Nervo Wrote: [ -> ]So what you're doing there is, you try to login and fail and without doing anything you get a javascript alert or did you change anything? (e.g. imagestring)
He tried to login with right username and pass and he just replaced the imgstring with an javascript query! he can redirect the page etc.. etc..
Only changed the imgstring!
I can't reproduce this. Nonetheless, it's reflected and requires it to be POSTed. I can't see a real world example, at least not one worth trying, where this could be used. We're going to need more information about this issue if you expect us to fix it. Where exactly is the imgstring being printed on the page?
(2013-01-28, 11:55 AM)iEcho Wrote: [ -> ] (2013-01-28, 11:53 AM)Pirata Nervo Wrote: [ -> ]So what you're doing there is, you try to login and fail and without doing anything you get a javascript alert or did you change anything? (e.g. imagestring)
He tried to login with right username and pass and he just replaced the imgstring with an javascript query! he can redirect the page etc.. etc..
Only changed the imgstring!
The user on the screenshot is whom? You? Or him?
Also, the user on the screenshot failed to login, otherwise he wouldn't have received a login failure error.