MyBB Community Forums Community Archive Archived Forums Archived Development and Support MyBB 1.6 1.6 Security Management and Support v
Registration Security Question Plugin - XSS Vulnerability

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Registration Security Question Plugin - XSS Vulnerability
Xeronations Offline
Posts: 126
Threads: 58
Joined: Dec 2012
Reputation: 1
#1
2012-12-21, 10:58 PM
A member told me that there was an XSS vulnerability in this plugin:

http://mods.mybb.com/view/registration-s...y-question

I highly doubt it, considering the author is a support technician, but is this true?
Find
Paul H. Away

Former Staff
Posts: 8,510
Threads: 386
Joined: Feb 2011
Reputation: 279
#2
2012-12-21, 11:06 PM
I don't know how there would be an XSS in that plugin. The user input is never displayed. If you can display HTML in the question, that's not an XSS vulnerability.

Ask him for a proof of concept.
-Paul H.

Cogisne lingua latina?
Find
Xeronations Offline
Posts: 126
Threads: 58
Joined: Dec 2012
Reputation: 1
#3
2012-12-21, 11:47 PM
http://gyazo.com/67eee063434853a21984805...1356133601

It appears to be because of that.
Find
Paul H. Away

Former Staff
Posts: 8,510
Threads: 386
Joined: Feb 2011
Reputation: 279
#4
2012-12-22, 12:28 AM (This post was last modified: 2012-12-22, 12:31 AM by Paul H..)
Line 37:
	$prefix = 'g33k_'.$codename.'_';

No problem there.
He said something similar here about another plugin: http://yaldaram.com/thread-4963-post-225...l#pid22585

That line is empty.

He's just trying to be a l33t hacker scaring people.
-Paul H.

Cogisne lingua latina?
Find
Xeronations Offline
Posts: 126
Threads: 58
Joined: Dec 2012
Reputation: 1
#5
2012-12-22, 12:47 AM
Ah, thanks.

Just wanted to make sure.
Find
Leefish Offline

Former Staff
Posts: 7,458
Threads: 144
Joined: Oct 2009
Reputation: 441
#6
2012-12-22, 12:52 AM
@ Xeronations - next time you think there might be a vulnerability please report it in Private Inquiries rather than the open forum.
Random Fish and Sims Maniac
MY PLUGINS
Help MyBBSupport help you - remember to mark your threads as solved


Website Find
Dr_The_One Offline
Posts: 679
Threads: 144
Joined: Sep 2013
Reputation: 12
#7
2015-02-09, 08:10 AM
(2012-12-22, 12:28 AM)Paul H. Wrote: Line 37:
	$prefix = 'g33k_'.$codename.'_';

No problem there.
He said something similar here about another plugin: http://yaldaram.com/thread-4963-post-225...l#pid22585

That line is empty.

He's just trying to be a l33t hacker scaring people.

CAN WE REMOVE THAT LINE????
Line 37:
	$prefix = 'g33k_'.$codename.'_';
Find
Josh H. Offline

Former Staff
Posts: 3,791
Threads: 80
Joined: May 2011
Reputation: 94
#8
2015-02-16, 05:40 AM
(2015-02-09, 08:10 AM)Dr_The_One Wrote: CAN WE REMOVE THAT LINE????
Line 37:
	$prefix = 'g33k_'.$codename.'_';

Uhhhh... no. If you do that, you'll break the plugin's ability to function.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
Website Find
CloudyBright Offline
Posts: 239
Threads: 69
Joined: Dec 2010
Reputation: 5
#9
2015-03-03, 02:47 PM
Read: http://community.mybb.com/thread-129189-page-2.html
The updated reg security question file download is the last post.
Update your files with it and make a change or two to your questions and then the plug-in will works as designed.
Website Find


Forum Jump:


Users browsing this thread: 1 Guest(s)