Nyphrex Posted July 16, 2012 Share Posted July 16, 2012 Hey there guys! Currently working on a website (and integrating it with PHPBB3 forums) and I was wondering if it would be possible for you guys to have a crack at it and see if there's any security vulnerabilities that are immediately discoverable? Verification: http://evel.us/phpfreaks.txt URL: http://evel.us/ Thanks a lot! Heist Link to comment Share on other sites More sharing options...
darkfreaks Posted July 20, 2012 Share Posted July 20, 2012 Javascript eval() usage Vulnerability description The javascript code on this page uses the eval() function. This function evaluates a string and execute it as javascript code. If the input string is controlled by the user, this could lead to XSS (cross-site scripting) vulnerabilities. Affected files: /forums /forums/index.php /forums/memberlist.php /forums/posting.php /forums/search.php /forums/ucp.php /forums/viewforum.php /forums/viewtopic.php /index.php How to fix this vulnerability Audit the evaluated code, making sure it's not vulnerable to XSS vulnerabilities. Link to comment Share on other sites More sharing options...
Recommended Posts