Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MkPortal Urlobox Cross Site Request Forgery
From: securityfocus () visiblesoul com
Date: 21 Dec 2006 03:13:44 -0000

I was wrong about this issue in my previous post.

Unofficial Solution:

FIND in /mkportal/modules/urlobox/index.php:
                        $message = preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/',$no_url,$message);
                        $message = preg_replace('/\[IMG\](.+?)\[\/IMG\]/',$no_img,$message);


REPLACE WITH:
                        $message = preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/i',$no_url,$message);
                        $message = preg_replace('/\[IMG\](.+?)\[\/IMG\]/i',$no_img,$message);

-=DKC=-


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]