Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Possible XSS Vulnerability
#1
After getting blocked by mod_security today I did some checking of the logs and this is happening every other day, luckily the other days I was not blocked just other IP's.

The XSS comes from jscripts/jquery.cookie.js

Screenshots provided.

NOTE: I am unable to add new issues to the bug report system for some odd reason.

MyBB Version: 1.6.8
Plugins: MyGW2Code, MyForumIcons


Attached Files Thumbnail(s)
       
Official Site: http://mochacoder.com
Coming Soon: http://wowgnerd.com & http://generalrides.com

Follow me on twitter: @MochaCoder
#2
jquery.cookie.js is not part of MyBB.
[Image: banner.png]
#3
Gah, didn't even pay attention to the core package. I found the issue, forgot about one plugin and it is part of that one. I will report it to the plugin dev.

Guess I won't, their site is down and no thread on this forum.
Official Site: http://mochacoder.com
Coming Soon: http://wowgnerd.com & http://generalrides.com

Follow me on twitter: @MochaCoder
#4
It would help if you could say which Plugin it is, so if one of us uses it, he/she also knows to remove it for good, or until further notice.

There is hardly any list of plugins that are maybe dangerous. Could be valueable informations so we can do something before maybe getting hacked.

Thanks

Wolfseye
#5
do we know the plugin?


Forum Jump:


Users browsing this thread: 1 Guest(s)