Do I need to be worried?
#1
Take a look at this picture.
Searching user posts:
[Image: tMwiQxW.png]

As you see, one is a script and one is normal text, from the same user.

Is it possible to be hacked?
#2
(2017-02-01, 10:29 PM)Zakendavi Wrote: Take a look at this picture.
Searching user posts:
[Image: tMwiQxW.png]

As you see, one is a script and one is normal text, from the same user.

Is it possible to be hacked?
Obviously someone tried a laughable attempt at an XSS attack. You can read more about those types of attacks at https://www.acunetix.com/websitesecurity...scripting/.

It appears that MyBB's functions_post.php did the job right with htmlspecialchars:
if($post_type != 2)
{
    $post['subject'] = htmlspecialchars_uni($post['subject']);
}
The XSS attempt was unsuccessful. If I were you I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site. The user was obviously trolling. I will say MyBB 1.8.10 has no known vulnerabilities at the time. Anyway, stay safe and let us know if you have any further questions :)
Software Engineer specializing in C# Program Development
#3
Well, I banned the IP too! But they come back with a proxy. Is there any way to block proxies?

Bump! How can I fix this issue, guys? Please help me.
#4
You have nothing to be afraid of.
#5
The fact that it's showing the HTML and not executing the JavaScript means you're safe :)
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#6
This user has been denied support.
Well, a lot of noobs are sending PMs like that to admins. But it's only bla bla! I get a lot of PMs like that too.
#7
(2017-02-02, 01:25 AM)Lunorian Wrote:
(2017-02-01, 10:29 PM)Zakendavi Wrote: Take a look at this picture.
Searching user posts:
[Image: tMwiQxW.png]

As you see, one is a script and one is normal text, from the same user.

Is it possible to be hacked?
Obviously someone tried a laughable attempt at an XSS attack. You can read more about those types of attacks at https://www.acunetix.com/websitesecurity...scripting/.

It appears that MyBB's functions_post.php did the job right with htmlspecialchars:
if($post_type != 2)
{
    $post['subject'] = htmlspecialchars_uni($post['subject']);
}
The XSS attempt was unsuccessful. If I were you I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site. The user was obviously trolling. I will say MyBB 1.8.10 has no known vulnerabilities at the time. Anyway, stay safe and let us know if you have any further questions :)

My guess would be that he was trying to exploit a plugin that exports threads, like recentthreads, recentthreads on profile, etc. Both of the current ones uploaded on MyBB are vulnerable.
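Added example in PHP, not code from the thread and not MyBB's own code, showing the two situations the replies above describe: a subject that is escaped before it reaches the template, the way the functions_post.php snippet quoted in #2 does it, and a plugin-style listing that prints the same subject raw, the weakness #7 suspects in thread-export plugins. MyBB's htmlspecialchars_uni() is stood in for by PHP's built-in htmlspecialchars() (an assumption); the post array, the probe subject and the function names are constructed for the example.

```php
<?php
// Added example, not MyBB code. Assumes PHP's built-in htmlspecialchars()
// behaves like MyBB's htmlspecialchars_uni() for this purpose.
declare(strict_types=1);

/** Escape a string so it is rendered as text inside HTML (text node or attribute). */
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Core-style rendering, mirroring the branch quoted from functions_post.php:
 * the subject is escaped before it is placed into the template
 * (the snippet skips post type 2; that is reproduced here without comment).
 */
function render_subject_escaped(array $post): string
{
    if ($post['type'] != 2) {
        $post['subject'] = escape_html($post['subject']);
    }
    return '<a href="showthread.php?tid=' . (int) $post['tid'] . '">' . $post['subject'] . '</a>';
}

/** Plugin-style rendering that forgets to escape: the subject lands in the page verbatim. */
function render_subject_raw(array $post): string
{
    return '<a href="showthread.php?tid=' . (int) $post['tid'] . '">' . $post['subject'] . '</a>';
}

/** Check: does the rendered fragment still contain a live <script> tag? */
function contains_live_script_tag(string $html): bool
{
    // After escaping, the opening '<' becomes '&lt;', so the pattern no longer matches.
    return preg_match('/<\s*script\b/i', $html) === 1;
}

// Constructed sample post; the subject is the usual harmless XSS probe.
$post = [
    'tid'     => 42,
    'type'    => 1,
    'subject' => '<script>alert(1)</script>',
];

$safe  = render_subject_escaped($post);
$leaky = render_subject_raw($post);

echo "core-style:   $safe\n";
echo "plugin-style: $leaky\n";
echo 'core-style leaks a live tag?   ' . var_export(contains_live_script_tag($safe), true) . "\n";
echo 'plugin-style leaks a live tag? ' . var_export(contains_live_script_tag($leaky), true) . "\n";
```

Run it with `php example.php`. The core-style line prints the subject as literal text, which is the "showing the HTML instead of executing it" case from #5; the plugin-style line carries the tag through unchanged, so the same check returns true for it. The same check, run over a page rendered by a plugin that lists thread subjects, is a quick way to tell which of the two paths that plugin takes.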
#8
Quote: If I were you I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site.

I'd follow this person's advice. There's no chance that they input that by accident.
#9
(2017-02-02, 05:34 AM)Zakendavi Wrote: Well, I banned the IP too! But they come back with a proxy. Is there any way to block proxies?

Bump! How can I fix this issue, guys? Please help me.

Nope. There will always be new ISPs for web servers, meaning banning proxies is a cat-and-mouse game. Rather ban the accounts and move on. That's your job as an administrator.
Software Engineer specializing in C# Program Development
#10
This user has been denied support.
The old version of the 'recentthreads' plugin was vulnerable! But I saw he updated to a new version and patched that issue.