|
|
//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --//
Webattack :-
/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url=">
//-- FixIT --//
Open member.php
GoTo Line :- 1030 ..
if($mybb->input['url'])
{
redirect($mybb->input['url'], $lang->redirect_loggedin);
}
Replace It With
if($mybb->input['url'])
{
redirect(htmlspecialchars($mybb->input['url']), $lang->redirect_loggedin);
}
//-- --//