2013-04-24, 12:04 AM
Okay there is one mod I can't really live without lol....
And was wondering how I would go around fixing the XSS in the chatbox i've provided the exploit below but I can't really think of much on how to fix this....
Any help would be great thanks apreciate it
It's basically same as this thread http://community.mybb.com/post-576461.html the situation i'm having but no luck in fixing the vulnerabilities so far.....author as left it too buggy
Don't want anyone shelling my forum or using scripts via the notice and archive
Will be willing to pay if someone can fix the vulnerabilities and make the default text so users default text is white....
And was wondering how I would go around fixing the XSS in the chatbox i've provided the exploit below but I can't really think of much on how to fix this....
Any help would be great thanks apreciate it
ChangUonDyu Extra File Chatbox Persistent XSS
Location: Chatbox Notice
Vendor: http://community.mybb.com/thread-63559.html
PoC:
function build_notice()
{
global $fcbfile,$smilies;
$noticef = file_get_contents($fcbfile['notice']);
$handle = fopen($fcbfile['ds_notice'],"w");
if ($noticef)
{
$noticef = BBCode($noticef);
$noticef = strtr($noticef, $smilies);
}
fwrite($handle, $noticef);
fclose($handle);
}
Saves notice to your notice save file without escaping user input.
# 6EDABD388A8DCB48 1337day.com [2013-04-22] 8B163178D0769762 #
It's basically same as this thread http://community.mybb.com/post-576461.html the situation i'm having but no luck in fixing the vulnerabilities so far.....author as left it too buggy
Don't want anyone shelling my forum or using scripts via the notice and archive
Will be willing to pay if someone can fix the vulnerabilities and make the default text so users default text is white....