Bugtraq mailing list archives
Re: MkPortal Urlobox Cross Site Request Forgery
From: securityfocus () visiblesoul com
Date: 21 Dec 2006 03:13:44 -0000
I was wrong about this issue in my previous post. Unofficial Solution: FIND in /mkportal/modules/urlobox/index.php: $message = preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/',$no_url,$message); $message = preg_replace('/\[IMG\](.+?)\[\/IMG\]/',$no_img,$message); REPLACE WITH: $message = preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/i',$no_url,$message); $message = preg_replace('/\[IMG\](.+?)\[\/IMG\]/i',$no_img,$message); -=DKC=-
Current thread:
- MkPortal Urlobox Cross Site Request Forgery info (Dec 19)
- <Possible follow-ups>
- Re: MkPortal Urlobox Cross Site Request Forgery securityfocus (Dec 21)
- Re: MkPortal Urlobox Cross Site Request Forgery securityfocus (Dec 21)