(2017-02-01, 10:29 PM)Zakendavi Wrote: Take a look at this picture.
Searching user posts:
As you see, one is script and one is normal text, from the same user.
Is it possible to be hacked?
Obviously someone tried a laughable attempt at an XSS attack. You can read more about those types of attacks at
https://www.acunetix.com/websitesecurity...scripting/.
It appears that MyBB functions_post.php did the job right with htmlspecialchars:
if($post_type != 2)
{
    $post['subject'] = htmlspecialchars_uni($post['subject']);
}
The XSS attempt was unsuccessful. If I were you, I would ban the user and his IP address. It's unacceptable behavior for users to attempt to attack the site. The user was obviously trolling. I will say MyBB 1.8.10 has no known vulnerabilities at the time. Anyway, stay safe and let us know if you have any further questions.
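The output encoding described in the reply above, as an added example that is not part of the original post and is not MyBB code. It uses PHP's built-in htmlspecialchars() in place of MyBB's htmlspecialchars_uni(); the function names escape_subject, render_cell and is_inert are hypothetical, and the subjects are constructed samples.

```php
<?php
declare(strict_types=1);

// Added example, not MyBB code. escape_subject() is a hypothetical stand-in
// for the htmlspecialchars_uni() call quoted above.
function escape_subject(string $subject): string
{
    // ENT_QUOTES also encodes ' and ", so the value stays inert inside a
    // quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD
    // instead of returning an empty string.
    return htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build one search-result cell, with or without output encoding.
function render_cell(string $subject, bool $escape): string
{
    return '<td>' . ($escape ? escape_subject($subject) : $subject) . '</td>';
}

// An encoded value must contain no markup characters and must decode back
// to exactly what the user typed (nothing lost, nothing executed).
function is_inert(string $original, string $encoded): bool
{
    return strpbrk($encoded, '<>"\'') === false
        && htmlspecialchars_decode($encoded, ENT_QUOTES) === $original;
}

// Constructed sample subjects: plain text, a script tag, mixed punctuation.
$subjects = [
    'Normal thread title',
    '<script>alert(1)</script>',
    'Tom & "Jerry\'s" <3',
];

foreach ($subjects as $s) {
    $raw  = render_cell($s, false);
    $safe = render_cell($s, true);
    printf("%-28s raw has <script: %-3s  encoded inert: %s\n    %s\n",
        $s,
        stripos($raw, '<script') !== false ? 'yes' : 'no',
        is_inert($s, escape_subject($s)) ? 'yes' : 'no',
        $safe
    );
}
```

Run from the command line with `php`. The encoded cell shows the script subject as literal text, which matches what the search results in the screenshot displayed.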