miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  
 

miniBB 2.2b release and Captcha add-on updates (minor security fixes)

 
Author Paul
Lead Developer 
#1 | Posted: 2 Oct 2008 09:58 
As it was recently reported, and security issue provided by 'Rino', miniBB can be exploited to execute intrusion JavaScript code.

I personally think despite their theory, these issues are very vague and hard to imitate in practice. Anyway carrying about secure software, we weren't brave to ignore them and did the following updates:

1) In the Human Authorization (Captcha) add-on, there is a minor update in addon_authorize.php file. Please note we didn't change the version of the add-on because this issue doesn't affect any kind of the new development in this add-on. Premium customers will just need to download the version from their downloads area and overwrite this file.

2) In the miniBB core, there is update regarding bb_cookie.php file's function called getMyCookie. The new condition now will strictly deny any kind of cookie containing < or > signs (which are required to put if you execute JavaScript plant (previously, there was a security fix only removing clear slashes in the username).

These issues have very low practical importance, however I hope they will be appreciated by a hacking theory followers ;-)

Author Rino
Partaker
#2 | Posted: 2 Oct 2008 11:29 
I was the one who found these two flaws. They are fixed now and I am reading the miniBB source to see if there are more flaws.

Author Paul
Lead Developer 
#3 | Posted: 2 Oct 2008 11:36 
Rino
Thank you Rino, once again. Don't hesitate to mention any credit you want.

Author lvalics
Partaker
#4 | Posted: 11 Oct 2008 15:52 
how do I get the new version?
I paid for this some time ago.

Author Paul
Lead Developer 
#5 | Posted: 13 Oct 2008 03:06 
lvalics
If you don't have access to our customers downloads area, contact us providing your order number, and we will send them by email.

News miniBB Support Forums / News /
 miniBB 2.2b release and Captcha add-on updates (minor security fixes)
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Private Messaging add-on: allow your miniBB-forums members to communicate with each other.


  ⇑