Pages: 1
| Posted: 22 May 2005 10:09 | ||
|
Administrator |
Posts: 1016 Join Date: Mar 2005 |
|
There was a potential security vulnerability in member.php where a registered user could inject javascript and get a user's cookie. Depending on seo-board_options settings ($shaprefix), a hacker may manage to brute force recover the password of a logged user who browses the member profile of the hacker.
Bug is fixed now. You can download the seo-board zip file and upgrade the member.php (one line of code was added). I recommend updating member.php. Thanks to sujokid for pointing this bug out. __________________ Are you looking for an SEO Consultant?
Email me: hristo at seo-board dot com |
||
| Posted: 08 Jun 2005 15:02 | ||
|
Registered User Currently Offline |
Posts: 63 Join Date: Mar 2005 |
|
Which line of code in member.php? __________________ |
||
| Posted: 08 Jun 2005 15:05 | ||
|
|
Registered User Currently Offline |
Posts: 63 Join Date: Mar 2005 |
|
Was it this?
$member_bio = format_html($member_bio); __________________ |
||
| Posted: 08 Jun 2005 18:08 | ||
|
|
Administrator |
Posts: 1016 Join Date: Mar 2005 |
|
It encodes html tags, so that a user cannot put html/javascript in the text. __________________ Are you looking for an SEO Consultant?
Email me: hristo at seo-board dot com |
||
Pages: 1
