| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: MkPortal Urlobox Cross Site Request Forgery |
| From: | securityfocus@visiblesoul.com |
| Date: | 21 Dec 2006 03:13:44 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
I was wrong about this issue in my previous post.
Unofficial Solution:
FIND in /mkportal/modules/urlobox/index.php:
$message =
preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/',$no_url,$message);
$message =
preg_replace('/\[IMG\](.+?)\[\/IMG\]/',$no_img,$message);
REPLACE WITH:
$message =
preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/i',$no_url,$message);
$message =
preg_replace('/\[IMG\](.+?)\[\/IMG\]/i',$no_img,$message);
-=DKC=-
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Trend Micro's Vista "0day exploit auction" claim, Simple Nomad |
|---|---|
| Next by Date: | Re: MkPortal Urlobox Cross Site Request Forgery, securityfocus |
| Previous by Thread: | MkPortal Urlobox Cross Site Request Forgery, info |
| Next by Thread: | Re: MkPortal Urlobox Cross Site Request Forgery, securityfocus |
| Indexes: | [Date] [Thread] [Top] [All Lists] |