MyBB Community Forums

Full Version: Do I need to be worried?
Take a look at this picture.
Searching user posts:
[Image: tMwiQxW.png]

As you can see, one is a script and one is normal text, from the same user.

Is it possible to be hacked?
(2017-02-01, 10:29 PM)Zakendavi Wrote: [ -> ]Take a look at this picture.
Searching user posts:
[Image: tMwiQxW.png]

As you can see, one is a script and one is normal text, from the same user.

Is it possible to be hacked?
Obviously someone tried a laughable attempt at an XSS attack. You can read more about those types of attacks at https://www.acunetix.com/websitesecurity...scripting/.

It appears that MyBB's functions_post.php did the job right with htmlspecialchars:
if($post_type != 2)
{
    $post['subject'] = htmlspecialchars_uni($post['subject']);
}
The XSS attempt was unsuccessful. If I were you I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site. The user was obviously trolling. I will say MyBB 1.8.10 has no known vulnerabilities at this time. Anyway, stay safe and let us know if you have any further questions :)
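To show concretely what "did the job right" means, here is an added Python example. It is not MyBB's code and not from any poster in this thread: it mirrors the escaping rule of htmlspecialchars_uni as an assumption drawn from the 1.8 source (ampersand escaped unless it already begins a numeric entity, then < > "), renders a constructed search-result row with and without that escaping, and feeds the result to an HTML parser to list which tags a browser would actually see. The row template, the author name "mallory" and the payloads are all invented for the demonstration.

```python
import re
from html.parser import HTMLParser


def htmlspecialchars_uni(message: str) -> str:
    """Approximation of MyBB's htmlspecialchars_uni() (inc/functions.php).

    Assumed behaviour, not MyBB's own code: '&' is escaped unless it already
    starts a numeric entity such as &#9731;, then the three characters that
    can open a tag or close a double-quoted attribute are escaped.
    """
    message = re.sub(r"&(?!#[0-9]+;)", "&amp;", message)
    message = message.replace("<", "&lt;")
    message = message.replace(">", "&gt;")
    message = message.replace('"', "&quot;")
    return message


# Hypothetical search-result row; the real MyBB template differs. The point
# is only where the user-controlled subject lands in the markup.
SEARCH_ROW = '<tr><td class="subject">{subject}</td><td>{author}</td></tr>'
TEMPLATE_TAGS = {"tr", "td"}


def render_unsafe(subject: str, author: str) -> str:
    """What a template (or plugin) that forgets to escape would emit."""
    return SEARCH_ROW.format(subject=subject, author=author)


def render_safe(subject: str, author: str) -> str:
    """What functions_post.php does: escape before the subject reaches the template."""
    return SEARCH_ROW.format(subject=htmlspecialchars_uni(subject),
                             author=htmlspecialchars_uni(author))


class _TagCollector(HTMLParser):
    """Records every start tag the browser's parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(fragment: str) -> list[str]:
    """Tags in the rendered row that did not come from the template itself."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return sorted(set(parser.tags) - TEMPLATE_TAGS)


# Constructed payloads of the kind seen in the screenshot (not the poster's actual input).
PAYLOADS = [
    "<script>alert(document.cookie)</script>",
    '"><img src=x onerror=alert(1)>',   # breaks out of a double-quoted attribute
    "Hello &#9731; world",               # numeric entity must survive unchanged
    "Fish & Chips",                      # bare ampersand must become &amp;
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print("input   :", p)
        print("escaped :", htmlspecialchars_uni(p))
        print("unsafe  :", injected_tags(render_unsafe(p, "mallory")))
        print("safe    :", injected_tags(render_safe(p, "mallory")))
        print()
```

Two caveats a practitioner would check: this escaping function leaves the single quote alone, so it is only sufficient inside text nodes and double-quoted attributes, never inside a JavaScript block or an unquoted attribute; and it protects only the code paths that call it, so a plugin that pulls subjects out of the database and prints them through its own template has to escape them itself.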
Well, I banned the IP too! But they come back with a proxy? Is there any way to block proxies?

Bump! How can I fix this issue, guys? Please help me.
You have nothing to be afraid of.
The fact it's showing the HTML and not executing the JavaScript means you're safe :)
Well, a lot of noobs are sending PMs like that to admins. But it's only blah blah! I get a lot of PMs like that too.
(2017-02-02, 01:25 AM)Lunorian Wrote: [ -> ]
(2017-02-01, 10:29 PM)Zakendavi Wrote: [ -> ]Take a look at this picture.
Searching user posts:
[Image: tMwiQxW.png]

As you can see, one is a script and one is normal text, from the same user.

Is it possible to be hacked?
Obviously someone tried a laughable attempt at an XSS attack. You can read more about those types of attacks at https://www.acunetix.com/websitesecurity...scripting/.

It appears that MyBB's functions_post.php did the job right with htmlspecialchars:
if($post_type != 2)
{
    $post['subject'] = htmlspecialchars_uni($post['subject']);
}
The XSS attempt was unsuccessful. If I were you I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site. The user was obviously trolling. I will say MyBB 1.8.10 has no known vulnerabilities at this time. Anyway, stay safe and let us know if you have any further questions :)

My guess would be that he was trying to exploit a plugin that exports threads, like recentthreads, recentthreads on profile, etc. Both of the current ones uploaded on MyBB are vulnerable.
Quote: If I were you I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site.

I'd follow this person's advice. There's no chance that they input that by accident.
(2017-02-02, 05:34 AM)Zakendavi Wrote: [ -> ]Well, I banned the IP too! But they come back with a proxy? Is there any way to block proxies?

Bump! How can I fix this issue, guys? Please help me.

Nope. There will always be new ISPs for web servers, meaning banning proxies is a cat-and-mouse game. Rather ban the accounts and move on. That's your job as an administrator.
The old version of the 'recentthreads' plugin was vulnerable! But I saw he updated to a new version and patched that issue.