XSS Exploit Patch 1.0.0 for PHPNuke and phpbb2 port

Discussion in 'other security issues & news' started by Zhen-Xjell, Jun 18, 2002.

Thread Status:
Not open for further replies.
  1. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    This adds code functionality to prevent a newly found XSS vulnerability in PHP Nuke and phpbb2 port. Code developed on PHP-Nuke 5.5 and phpbb2 port 2.0.5. The exploit occurs due to the use of quotation marks. This script simply removes them.

    Without this patch, an extremely serious cookie exploit can be implemented in Your_Account, and in the Forums. Forums affected are phpbb1.x and phpbb2.x. No patch is provided for phpbb1.x.

    This fix is based on the XSS Vulnerability as mentioned here:

    http://phpnuke.org/modules.php?name=News&file=article&sid=4132

    Download patch available:

    http://www.computercops.biz/modules.php?name=News&file=article&sid=919&mode=&order=0&thold=0
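
The quote-removal approach described in the post above, as an added example that is not part of the original post or the patch. It assumes the value is echoed inside a double-quoted HTML attribute; the helper names, the `user_website` field and the sample input are hypothetical, and `encode_for_attribute` shows output encoding as an alternative that keeps the characters.

```php
<?php
// Added example: hypothetical helpers, not code from the patch itself.

// Approach described in the post: drop quotation marks from the value.
function strip_quotes(string $value): string
{
    return str_replace(['"', "'"], '', $value);
}

// Alternative: keep the characters but encode them for HTML output.
function encode_for_attribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Renders a value inside a double-quoted attribute (assumed output context).
function render_input(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Lists the attributes an HTML parser actually sees on the rendered element.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample input: the quote closes the attribute early, so the
// rest of the string is parsed as a new attribute chosen by the submitter.
$submitted = 'x" data-injected="1';

$variants = [
    'unfiltered' => $submitted,
    'stripped'   => strip_quotes($submitted),
    'encoded'    => encode_for_attribute($submitted),
];

foreach ($variants as $label => $value) {
    $html = render_input('user_website', $value);
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', attribute_names($html)), PHP_EOL;
}
```

Only the unfiltered variant gains an extra attribute on the element. Stripping alters the stored value, while encoding preserves it and still keeps it inside `value`.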
     
  2. snowy

    snowy Guest

    Paul....a couple of questions please....
    should I login to apply the patches....or can it be done without login..(I don't mind logging in if need be)

    also, a few of us are using cookie managers such as cookiemuncher...cookie wall....which immediately deletes cookies......how or will this affect the patch? no doubt others will also be wondering so thought to clear it here in this thread.......thankya

    snowman
     
  3. snowy

    snowy Guest

    Paul....my goodness you do have a sense of humor...notice in your patch "I don't like you"...you tell'em Paul LOL

    snowman
     
  4. Zhen-Xjell

    Zhen-Xjell Security Expert

    You don't need to apply the patch unless you run a phpnuke site, or phpbb2 forums. Shh.. don't tell people I actually laugh.
     
  5. snowy

    snowy Guest

    Zhen

    well friend you can have a really good laugh on me...cause I sure was going to try installing the patch on the ye ole computer....now that would have been a real trick LOL........was about to shut down when I noticed your reply........I guess someone up there is looking out for me....cause in my present condition I can barely think straight....got to get some major rest beginning right now..

    hey..if you started the new good....sure hope you like the work and environment....very best to you

    snowman
     
  6. Zhen-Xjell

    Zhen-Xjell Security Expert

    ;) I start next week.
     