QBD
Posted August 14, 2008

I came across a little unpatched code that's open to XSS attacks, and I will not go into detail about how it works, but the register.php page is vulnerable to this attack. I have fixed this on my site by adding

    $_GET['REF']=strip_tags($_GET['REF']);

above the

    if($_GET['REF']) { print $_GET['REF']; }

part of the code. I have done a lot of reading on this and I have read you can also use

    $_GET['REF']=htmlentities($_GET['REF']);
    $_GET['REF']=htmlspecialchars($_GET['REF']);

as well in the code. I have tested this out and it works for me as it strips the malicious code.

If this is in the wrong place to discuss this, feel free to move it or remove it. I just wanted to let game owners know about this XSS exploit in mccode.
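An added example, not part of QBD's post and not MCCodes code, comparing the functions mentioned above on constructed inputs so the difference between removing tags and encoding for output is visible. It assumes REF carries a numeric referrer ID and that the value may be echoed inside a quoted HTML attribute; the helper names `encode_ref` and `valid_ref` are hypothetical.

```php
<?php
// Added example, not MCCodes source. All sample inputs below are constructed.

// Encode a value for HTML output (element body or quoted attribute value).
function encode_ref(string $raw): string
{
    // ENT_QUOTES encodes both ' and "; before PHP 8.1 the default flags
    // (ENT_COMPAT) left single quotes untouched, so the flags are set explicitly.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: REF is a numeric referrer ID, so anything else is rejected.
function valid_ref(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$samples = [
    '42',                 // expected form
    '<b>42</b>',          // markup: strip_tags removes it, encoding neutralises it
    "42' data-x='1",      // no tags at all: strip_tags returns it unchanged
    'Tom & "Jerry"',      // characters that are only safe once encoded
];

foreach ($samples as $raw) {
    printf("input      : %s\n", $raw);
    printf("strip_tags : %s\n", strip_tags($raw));
    printf("encode_ref : %s\n", encode_ref($raw));
    printf("valid_ref  : %s\n\n", var_export(valid_ref($raw), true));
}

// Usage in a page: validate first, encode at the point of output.
// $ref = valid_ref($_GET['REF'] ?? '');
// if ($ref !== null) { print encode_ref((string) $ref); }
```

The third sample shows why `strip_tags()` alone depends on where the value is printed: it only removes tags, so quotes pass through, while `encode_ref()` and the integer check both handle it.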