| stonebreath | 2008-11-19 22:58:00 |
Posts: 339 Topics participated: 184 Topics started: 14 First post: 2008-02-08 07:12:00 Last post: 2009-01-03 22:16:00 |
Only that my safe function has been contaminated by this forum software (again)... Try the following... function safe($var) { |
Preliminary XSS & SQL Injection Exploits.
| CoLdFuSiOn | 2008-11-21 14:43:00 |
Posts: 2312 Topics participated: 1240 Topics started: 124 First post: 2006-02-25 21:12:00 Last post: 2009-01-03 14:56:00 |
There is an XSS vulnerability in details.php. I can use a and edit the file names in the .torrent file to HTML or JS and when a person displays the files on the details page it will not be sanitized on the output. This can be fixed by using htmlspecialchars() when outputting the file names, or validating the file names for invalid file characters on input. Was already fixed in current SVN. For mainstream versions though, you're quite correct. |
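Worked example added here to illustrate the fix CoLdFuSiOn describes; it is not TBDev's code and not from any poster in this thread. It renders a constructed file list the way details.php would, once with the raw name (the vulnerable pattern) and once with htmlspecialchars() applied at output, and adds an optional input-side name check. The array $files and the function names are assumptions standing in for whatever the real code reads out of the .torrent "info" dictionary.

```php
<?php
// Constructed sample standing in for the file names parsed from the
// uploaded .torrent. The second and third names are what an attacker-controlled
// torrent could carry; nothing here is from a real torrent.
$files = [
    ['name' => 'episode01.avi',                 'size' => 734003200],
    ['name' => '<script>alert(1)</script>.avi', 'size' => 1024],
    ['name' => 'readme <b>bold</b>.txt',        'size' => 512],
];

// Vulnerable pattern: the name from the torrent lands in the HTML unchanged,
// so a name containing tags becomes markup (or script) in every viewer's browser.
function render_filelist_unsafe(array $files): string
{
    $html = "<table>\n";
    foreach ($files as $f) {
        $html .= "<tr><td>" . $f['name'] . "</td><td>" . (int) $f['size'] . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Fixed pattern: every untrusted value is encoded for the HTML text context at
// the point of output. ENT_QUOTES also encodes ' and " so the same helper is
// safe inside quoted attributes; ENT_SUBSTITUTE keeps a malformed UTF-8 name
// from silently turning the whole cell into an empty string.
function render_filelist(array $files): string
{
    $html = "<table>\n";
    foreach ($files as $f) {
        $name = htmlspecialchars($f['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "<tr><td>" . $name . "</td><td>" . (int) $f['size'] . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Optional upload-time check (the thread's second suggestion): reject names
// that contain control characters, HTML-significant <>"' or path separators.
// This is defence in depth only; output encoding above is still required,
// because names already in the database never pass through this check.
function filename_is_clean(string $name): bool
{
    return $name !== '' && preg_match('/[\x00-\x1f<>"\'\/\\\\]/', $name) !== 1;
}

foreach ($files as $f) {
    printf("%-40s clean=%s\n", $f['name'], filename_is_clean($f['name']) ? 'yes' : 'no');
}
echo "--- unsafe ---\n", render_filelist_unsafe($files);
echo "--- encoded ---\n", render_filelist($files);
```

Run it from the command line with php and compare the two tables: in the encoded one the angle brackets come out as &lt; and &gt;, so the browser shows the name as text instead of executing it. The same htmlspecialchars() call belongs on every other torrent-supplied field that is echoed (torrent name, comment, tracker URL), not only the file list.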
| dottor | 2008-11-22 12:12:00 |
Posts: 157 Topics participated: 116 Topics started: 10 First post: 2007-07-13 01:25:00 Last post: 2008-12-30 10:39:00 |
Can you please explain where the htmlspecialchars() needs to be? I'm not seeing it in the details page where the problem is. Thanks |
| Sam007 | 2008-11-22 07:23:00 |
Posts: 847 Topics participated: 448 Topics started: 80 First post: 2008-01-26 11:33:00 Last post: 2009-01-01 20:14:00 |
I guess this: print(" Download | " . htmlspecialchars($row["filename"]) . " | |
| pdq | 2008-11-22 07:42:00 |
Posts: 577 Topics participated: 354 Topics started: 14 First post: 2008-03-01 01:47:00 Last post: 2009-01-03 16:33:00 |
I believe it's |
| CoLdFuSiOn | 2008-11-22 09:55:00 |
Posts: 2312 Topics participated: 1240 Topics started: 124 First post: 2006-02-25 21:12:00 Last post: 2009-01-03 14:56:00 |
Yup, pdq. If you're using the newer SVN, the filelist is now in a separate file called, erm, filelist.php |
| dottor | 2008-11-22 18:38:00 |
Posts: 157 Topics participated: 116 Topics started: 10 First post: 2007-07-13 01:25:00 Last post: 2008-12-30 10:39:00 |
Thanks, got it |
| Sam007 | 2008-11-22 18:49:00 |
Posts: 847 Topics participated: 448 Topics started: 80 First post: 2008-01-26 11:33:00 Last post: 2009-01-01 20:14:00 |
Sorry, do I find that line on the details.php page in the default TBDev source? |
| CoLdFuSiOn | 2008-11-23 09:38:00 |
Posts: 2312 Topics participated: 1240 Topics started: 124 First post: 2006-02-25 21:12:00 Last post: 2009-01-03 14:56:00 |
Yes |
| aaaaaaaaaa | 2008-11-24 13:18:00 |
Posts: 47 Topics participated: 35 Topics started: 2 First post: 2008-11-07 20:09:00 Last post: 2008-12-13 18:39:00 |
Thx, fixed |