MakeWebGames

[Mccode] Referral XSS Vulnerability


QBD

I came across a little unpatched code that's open to XSS attacks, and I will not go into detail about how it works, but the register.php page is vulnerable to this attack. I have fixed this on my site by adding..

$_GET['REF']=strip_tags($_GET['REF']);


Above the..

if($_GET['REF']) { print $_GET['REF']; }


part of the code.. I have done a lot of reading on this and I have read you can also use..

// use one of these, not both: applying both encodes the value twice
$_GET['REF']=htmlentities($_GET['REF']);
$_GET['REF']=htmlspecialchars($_GET['REF']);


as well to the code.. I have tested this out and it works for me as it strips the malicious code.

If this is in the wrong place to discuss this, feel free to move it or remove it.. I just wanted to let game owners know about this XSS exploit in mccode.
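
Added example, not part of the post above and not MCCodes' own code: it compares what strip_tags() and htmlspecialchars() do to a reflected REF value, and shows validating the parameter before it is printed. It assumes REF carries the referrer's numeric user ID; referral_id(), h(), the sample inputs and the hidden-field markup are hypothetical.

```php
<?php
// Added example, not MCCodes' own code. Assumption: REF carries the
// referrer's numeric user ID, so anything that is not all digits is rejected.

// Validate on input: returns the referrer ID as int, or null if absent/invalid.
function referral_id(array $query): ?int
{
    $raw = $query['REF'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Encode on output: safe for HTML text and for quoted attribute values.
// ENT_QUOTES is passed explicitly because PHP versions before 8.1 leave
// single quotes unencoded by default.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from the post).
$samples = ['42', '<b>42</b>', '42" x="y', "42' x='y", '4&2'];

foreach ($samples as $s) {
    $id = referral_id(['REF' => $s]);
    // strip_tags() removes the <b> tags but leaves quotes and & untouched,
    // so it does not protect a value printed inside an attribute.
    printf(
        "%-12s strip_tags=%-10s h()=%-28s id=%s\n",
        $s,
        strip_tags($s),
        h($s),
        $id === null ? 'rejected' : (string) $id
    );
}

// How a page could emit the value once validated (hypothetical markup):
$id = referral_id($_GET);
if ($id !== null) {
    echo '<input type="hidden" name="ref" value="' . h((string) $id) . '">' . "\n";
}
```

Run from the command line, the loop prints one row per sample; only the all-digit value passes validation, and the quoted samples come out of strip_tags() unchanged.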
