I have patched my forum... still feeling scared... going for a personal scan and finding out more about it...
(2011-01-20, 01:06 PM) MattRogowski Wrote: These sorts of tests are often inaccurate and don't give any information on the error. Other people have run this test and it's said a file is vulnerable to something when it isn't. This just says that '/' is affected, what's that supposed to mean??
I think that is probably the cookie path... (could be wrong)
and it can be handled very perfectly with XSS shots..
@rahul19285
OK... Listen, first upgrade your forum to the latest version...
Your forum version... it is probably 1.6.0.
So apply the following patches:
+--------------------------------------------------------------------------------+
| MyBB 1.6.0 - Security Update Patch File |
| © 2010 MyBB Group. |
| |
| This patch file fixes two medium risk security issues with 1.6.0 |
| |
| Please follow the instructions documented to manually patch your board. |
+--------------------------------------------------------------------------------+
===============
1. editpost.php
===============
Find:
--
// Setup a unique posthash for attachment management
$posthash = $post['posthash'];
--
Replace with:
--
// Setup a unique posthash for attachment management
$posthash = htmlspecialchars_uni($post['posthash']);
--
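Review bot: the replacement line escapes $post['posthash'] at assignment rather than where it is printed, so every later use of $posthash in editpost.php receives the HTML-encoded value, including any use that is not HTML output. Check the rest of the file for such uses; escaping at the point of output would leave the original value intact for everything else.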
===============
2. newreply.php
===============
Find:
--
elseif($mybb->input['action'] == "editdraft")
{
// Drafts have posthashes, too...
$posthash = $post['posthash'];
}
else
{
$posthash = $mybb->input['posthash'];
}
--
Replace with:
--
elseif($mybb->input['action'] == "editdraft")
{
// Drafts have posthashes, too...
$posthash = htmlspecialchars_uni($post['posthash']);
}
else
{
$posthash = htmlspecialchars_uni($mybb->input['posthash']);
}
--
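Review bot: in the else branch, $mybb->input['posthash'] is request input and is only HTML-escaped here. If the posthash has a fixed format, validating it against that format before use would be a tighter check than escaping alone, and it would also cover any use of $posthash outside HTML output.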
===============
3. member.php
===============
Find:
--
// Redirect to the page where the user came from, but not if that was the login page.
if($mybb->input['url'] && !preg_match("/action=login/i", $mybb->input['url']))
{
$redirect_url = htmlentities($mybb->input['url']);
}
elseif($_SERVER['HTTP_REFERER'])
{
$redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
}
--
Replace with:
--
// Redirect to the page where the user came from, but not if that was the login page.
if($_SERVER['HTTP_REFERER'] && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
{
$redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
}
else
{
$redirect_url = '';
}
--
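Review bot: the old condition matched with preg_match and the /i flag, but the replacement uses strpos(), which is case-sensitive, so a Referer containing "Action=Login" is no longer treated as the login page. stripos() would keep the original case-insensitive behaviour. The Referer header is also client-supplied, so $redirect_url is still untrusted after htmlentities() and is worth restricting to same-site URLs wherever it is used.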
ALL DONE