Forum Software Contains PHP Security Hole
Skip | 28 October, 2005 18:36
Here's some serious news right before the weekend for you PHP develpers who use the Chipmonk Forum software:
The PHP based Chipmunk Forum contains a flaw that allows a remote cross site scripting attack.
Yeeeeouch....
This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'reply.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Be careful when using the PHP developed Chipmonk Forum!
The PHP based Chipmunk Forum contains a flaw that allows a remote cross site scripting attack.
Yeeeeouch....
This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'reply.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Be careful when using the PHP developed Chipmonk Forum!
Comments for post
Menu
calendar
| « | February 2012 | » | ||||
|---|---|---|---|---|---|---|
| Su | Mo | Tu | We | Th | Fr | Sa |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | |||
RSS Feed