News:

Want to get involved in developing SMF? Why not lend a hand on our GitHub!

Main Menu

Avatar Script Insertion Vulnerability (Security)

Started by dcabbar, March 27, 2007, 12:51:07 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

dcabbar

March 27, 2007, 12:51:07 AM
Hi All,

Looking at http://secunia.com/advisories/17295/ , it seems possible to embed javascript in images in a special way.

So, if a user provides an avatar that has this, they will be able to hack accounts.

Do you know how this can be avoided?

Thanks.

Kindred

#1
March 27, 2007, 12:55:23 AM
that is a report for phpbb, not SMF...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

dcabbar

#2
March 27, 2007, 01:20:41 AM
Yeah I know, I am just asking how this can be prevented on the server side for SMF too, and/or what SMF does to prevent it.

SlammedDime

#3
July 07, 2007, 03:28:14 PM
dcabbar, is this issue resolved or do you require further assistance?
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting		                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...		                     
Print
Go Up Pages1
User actions
Advertisement: