[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MkPortal Urlobox Cross Site Request Forgery

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: MkPortal Urlobox Cross Site Request Forgery
From: securityfocus@xxxxxxxxxxxxxxx
Date: 21 Dec 2006 03:13:44 -0000

I was wrong about this issue in my previous post.

Unofficial Solution:

FIND in /mkportal/modules/urlobox/index.php:
                        $message = 
preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/',$no_url,$message);
                        $message = 
preg_replace('/\[IMG\](.+?)\[\/IMG\]/',$no_img,$message);


REPLACE WITH:
                        $message = 
preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/i',$no_url,$message);
                        $message = 
preg_replace('/\[IMG\](.+?)\[\/IMG\]/i',$no_img,$message);

-=DKC=-

Prev by Date: Re: Trend Micro's Vista "0day exploit auction" claim
Next by Date: Re: MkPortal Urlobox Cross Site Request Forgery
Previous by thread: MkPortal Urlobox Cross Site Request Forgery
Next by thread: Re: MkPortal Urlobox Cross Site Request Forgery
Index(es):
- Date
- Thread