Small XSS fix - E-Blah Community

Welcome, Guest.
Please login or register.

Home

Calendar

Welcome to the E-Blah Community!
We would like to welcome you to our community and invite you to register an account or login.
Being a registered member is important, as it gives you several advantages over the normal Guest status. After registering you will be able to download files and images, post messages, and access member-only portions of the forum - just to name a few. Registration is quick and simple, and only takes about a minute of your time.

E-Blah Community › Informational › Forum Updates › Small XSS fix

Users Browsing Forum

No Members and 3 Guests

Small XSS fix This thread currently has 228 views.

1 Pages 1

Recommend Thread

Justin

February 16, 2006, 1:08pm

Report to Moderator

The E-Blah Developer
E-Blah Programmer

Posts: 15,145

Gender:

Male

Posts Per Day: 5.52

Reputation: 93.23%

Reputation Score: +303 / -22

Time Online: 37 days 11 hours 41 minutes

Location: Tallassee, AL

Age: 23

This fixes a bug that could potentially expose the administrators password if a hacker sends malicious code via the referrer.

If Click Logging is disabled, your forum is safe, if not you should patch.

Code

<author="Justin">
<modname="XSS Fix 2">
<version="1">
<boardversion="P9">
<site="http://www.eblah.com">
<desc="Fixes a small bug.">

<openfile="Code/Routines.pl" writes="1">
<mod search="1">
	$ref = $ENV{'HTTP_REFERER'} =~ /$rurl/ ? '' : $ENV{'HTTP_REFERER'};
</mod end>
<mod write="1" action="1">
	$ref = Format($ref);
</mod end>

Paste that code in your Modification Center, and then install the mod once you've "uploaded" it via the Mod Center.

Thanks!
Justin

Credit: http://www.evuln.com/vulns/83/ (http://www.eblah.com/forum/v-memberpanel/a-view/u-xela/)

Oh, and this was patched within 10 minutes of notice.

I do installs for $25 and upgrades for $20.
Technical support is always free.

Donate to E-Blah!

My Websites: Revolution Reality (My Blog) | MinistryTalk.com | Portfolio

"But you, O Lord, are a compassionate and gracious God, slow to anger, abounding in love and faithfulness." — Psalm 86:15 NIV

Revision History (1 edits)

admin - February 16, 2006, 1:22pm

Logged

Offline

Site

Private message

Perindu

April 14, 2006, 5:22am

Report to Moderator

E-Blah Member

Posts: 11

Posts Per Day: 0.01

Time Online: 13 hours 35 minutes

Install Report
The following actions have been preformed with this modification. If you were testing this mod or there were errors (and you did not override them) durring the attempted installation of this mod, then no files have been modified; otherwise the files have been modified.
Modify File: ./Code/Routines.pl  (1 actions)
Source Code:
     $ref = $ENV{'HTTP_REFERER'} =~ /$rurl/ ? '' : $ENV{'HTTP_REFERER'};

After:
     $ref = Format($ref);

--» Code not found in source ...

This mod will not (un)install successfully. If you wish to install this mod anyway, click here.

should i continue it ?