NSN Supporters Module Vulnerability

Posted on Sunday, April 22, 2007 @ 01:33:04 PDT in Security
by raven

Guardian2003 writes:  
A vulnerability has been discovered in the NSN Supporters Module which, under some conditions, may allow a hacker to conduct a successful XSS attack on affected sites.

The conditions required are either incorrectly set MIME types at server level or the module being configured to allow upload of Supporter images.

With immediate effect:
If you are using this module, ensure you have not allowed image uploads.
A temporary fix is discussed here:
http://ravenphpscripts.com/postx13183-0-0.html


For obvious reasons, I have not detailed how the attack takes place, but I am more than happy to discuss the matter by PM with any developers I know so they can fully test fixes, etc.
 
 