Oh, the stupidity
ZiNgA BuRgA
Post: #4
RE: Oh, the stupidity
Most MyCodes don't stick replacements in JavaScript, which isn't too bad.

Most MyCodes I've seen, however, are vulnerable to some injection. MyBB filters out most JavaScript (it forgets some events such as onError, onKeyPress, etc.) and escapes < and > characters, so the worst is often avoided, but people really need to avoid using the (.*?) match.
I tried writing an Easy MyCodes plugin, but it doesn't seem to have attracted much attention.

If MyBB still doesn't filter " characters by the time custom MyCode is parsed, the example in the first post is even worse, as CSS can be injected, e.g.:

Code:
[tip]aba');" style="position: absolute; left: 0; top: 0; display: block; width: 100%; height: 10000%;" rel="[/tip]


10-22-2010 09:11 AM
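
Added example (not part of the original post and not MyBB code): a Python model of the issue described in the post above, rendering the same input through a (.*?) capture and through an allow-listed character class, then parsing the result to list which attributes ended up on the element. The [tip] replacement template, the showTip name and the pre-escaping step are assumptions, since the first post's MyCode definition is not on this page.

```python
import re
from html.parser import HTMLParser

# Hypothetical [tip] MyCode replacement (assumed; the real one is not on this page).
REPLACEMENT = r'''<span class="tip" onmouseover="showTip('\1');">tip</span>'''

# Catch-all capture, the pattern the post warns against.
LOOSE = re.compile(r"\[tip\](.*?)\[/tip\]", re.S)
# Allow-list capture: letters, digits, spaces and basic punctuation only.
STRICT = re.compile(r"\[tip\]([A-Za-z0-9 .,!?-]{1,200})\[/tip\]")


def pre_escape(post):
    # Assumption taken from the post: < and > are escaped before
    # custom MyCode runs, but the " character is not.
    return post.replace("<", "&lt;").replace(">", "&gt;")


def render(post, pattern):
    # Apply the MyCode pattern; input that does not match stays as plain text.
    return pattern.sub(REPLACEMENT, pre_escape(post))


class _SpanAttrs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "span":
            self.names += [name for name, _ in attrs]


def span_attributes(html):
    # Attribute names the browser would see on the rendered <span>.
    parser = _SpanAttrs()
    parser.feed(html)
    return sorted(parser.names)


# Input copied from the post's Code: block, plus a constructed benign post.
PAYLOAD = ("[tip]aba');\" style=\"position: absolute; left: 0; top: 0; "
           "display: block; width: 100%; height: 10000%;\" rel=\"[/tip]")
BENIGN = "[tip]Hover for help, please.[/tip]"

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        for post in (BENIGN, PAYLOAD):
            print(name, span_attributes(render(post, pattern)))
```

With the allow-listed pattern the second input is left as unrendered text, so the template's own two attributes are the only ones that can appear on the element.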