2022-01-09, 05:13 PM
(This post was last modified: 2022-01-09, 05:47 PM by Noter33. Edited 1 time in total.)
I used this tutorial for my forum in order to let users add their custom background image on their threads/posts.
The tutorial is using only simple regex as "security"
A simple XSS bypass is just to add near the video source an XSS payload like: https://i.imgur.com/ka73p3w.gif"><script>alert()</script>
The thread is not talking about any template conditionals "safety" as Omar is explaining here : https://community.mybb.com/thread-215732.html
I took down the custom fields from my forum but I want somehow to get them back in a secure way, can someone help me with that? I don't understand how I should encode the value used by the user in the vulnerable field.
How can I encode the input ?
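An added example of the encoding step the post asks about; it is not MyBB core code and not from the linked tutorial. It assumes the field holds a plain image URL, uses an allowlist of the host named in the post (i.imgur.com, an assumption you would adjust), and then HTML-encodes the value before it is placed in a template attribute, so the `"><script>` suffix can neither pass validation nor close the attribute.

```php
<?php
// Added example (not MyBB's own code): validate, then encode, a user-supplied
// background image URL before it is inserted into a post template.

// Step 1: allowlist validation. Only https, a known image host (assumed here),
// a path made of URL-safe characters, and an image extension are accepted.
// Quotes, angle brackets, parentheses and backslashes never pass this check,
// so they cannot reach either the HTML attribute or the CSS url() context.
function sanitize_background_url(string $input): ?string
{
    $url = trim($input);
    $pattern = '~^https://i\.imgur\.com/[A-Za-z0-9_\-/.]+\.(?:gif|png|jpe?g|webp)$~';
    if (!preg_match($pattern, $url)) {
        return null; // reject anything outside the allowlist
    }
    return $url;
}

// Step 2: output encoding for the attribute context. Validation alone is not
// the safety net; the value is still escaped for the place it is rendered.
function background_style_attribute(string $input): string
{
    $url = sanitize_background_url($input);
    if ($url === null) {
        return ''; // no custom background for this post
    }
    // ENT_QUOTES encodes both ' and ", so the value cannot end the attribute.
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return ' style="background-image: url(\'' . $escaped . '\');"';
}

// Demonstration with the two inputs from the post.
$good = 'https://i.imgur.com/ka73p3w.gif';
$bad  = 'https://i.imgur.com/ka73p3w.gif"><script>alert()</script>';

echo background_style_attribute($good), PHP_EOL; // style attribute with the URL
echo '[' . background_style_attribute($bad) . ']', PHP_EOL; // [] : rejected
```

In a MyBB template the encoded value would replace the raw field variable; the attribute string is built in PHP so the template never sees unescaped input.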