This adds code functionalilty to prevent a newly found XSS vulnerability in PHP Nuke and phpbb2 port. Code developed on PHP-Nuke 5.5 and phpbb2 port 2.0.5. The exploit occurs due to the use of quotation marks. This script simply removes them.

Without this patch, an extremely serious cookie exploit can be implemented in Your_Account, and in the Forums. Forums affected are phpbb1.x and phpbb2.x. No patch is provided for phpbb1.x.

This fix is based on the XSS Vulnerability as mentioned here:

http://phpnuke.org/modules.php?name=News&file=article&sid=4132

Download patch available:

http://www.computercops.biz/modules.php?name=News&file=article&sid=919&mode=&order=0&thold=0

Paul....a couple of questions please....
should I login to apply the patches....or can it be done with out login..(I don't mind loging in if need be)

also, a few of us are using cookie managers such as cookiemuncher...cookie wall....which immediately deletes cookies......how or will this effect the patch? no doubt others will also be wondering so though to clear it here in this thread.......thankya

snowman

Paul....my goodness you do have a sense of humor...notice in your patch "I don't like you"...you tell'em Paul LOL

snowman

You don't need to apply the patch unless you run a phpnuke site, or phpbb2 forums. Shh.. don't tell people I actually laugh.

Zhen

well friend you can have a really good laugh on me...cause I sure was going to try installing the patch on the ye ole computer....now that would have been a real trick LOL........was about to shut down when I noticed your reply........I guess someone up there is looking out for me....cause in my present condition I can barely think straight....got to get some major rest beginning right now..

hey..if you started the new good....sure hope you like the work and enviorment....very best to you

snowman

;) I start next week.