miniBB ® 


Support Forums

Minibb 2.2a XSS Vulnerability

Author GAMeovER
#1 | Posted: 2 May 2008 15:27
Description: miniBB is a bulletin board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "whatus" parameter of the "bb_admin" script. miniBB version 2.2a is affected.

Author Paul
Lead Developer 
#2 | Posted: 3 May 2008 07:37
This issue won't work because

1) the admin script won't let you into the area until you sign in as admin (unless, of course, you as admin hack your forum, but why would you do this :)

2) the admin script should be renamed for security reasons, and it's not always named bb_admin.php.

Anyway, we will take it into consideration and fix it in the next release when we are ready to go. Thanks.
