Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MkPortal Urlobox Cross Site Request Forgery

From: securityfocus () visiblesoul com
Date: 21 Dec 2006 03:13:44 -0000
I was wrong about this issue in my previous post.

Unofficial Solution:

FIND in /mkportal/modules/urlobox/index.php:
                        $message = preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/',$no_url,$message);
                        $message = preg_replace('/\[IMG\](.+?)\[\/IMG\]/',$no_img,$message);


REPLACE WITH:
                        $message = preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/i',$no_url,$message);
                        $message = preg_replace('/\[IMG\](.+?)\[\/IMG\]/i',$no_img,$message);

-=DKC=-
Previous By Date Next
Previous By Thread Next

Current thread: