This is a patch to fix the XSS exploit in BoostCMS News Comments. I discovered this exploit using special web security checking software a few months ago while I was checking the CMS. I decided to release this patch to the public as it may help a few users who are currently searching for the fix.
You may download the patch in the attachments below.
View attachment BoostCMS Patch by Airilxx.zip
Instructions: Put the patch in <your web server path>/Boost/Packages/Default/Templates/ . Please remember to back up your original Comment.tpl and place it somewhere else outside your server web folder.
Note: This patch is 100% created by me; I only changed a few bits of code:
real code
Code:
<?php echo str_replace("\n", '<br>', htmlspecialchars($Comment['comment'])); ?>
replaced with
Code:
<?php echo strip_tags(str_replace("\n", '<br>', mysql_real_escape_string($Comment['comment']))) ?>
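An added example, not part of the original post or of BoostCMS: the two rendering approaches from the lines above, run over constructed sample comments so the output of each can be compared side by side. The function names and sample data are assumptions; `mysql_real_escape_string` is left out because the mysql extension it belongs to was removed in PHP 7.0.

```php
<?php
// Added example, not BoostCMS code. Function names and sample comments
// are constructed for illustration.

// Encode for an HTML body context, then turn newlines into <br>.
// Same order as the "real code" line, with explicit flags and charset.
function render_encoded(string $comment): string
{
    $safe = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return str_replace("\n", '<br>', $safe);
}

// Tag stripping applied after the newline replacement, as in the
// "replaced with" line. mysql_real_escape_string is omitted: it is an
// SQL string escaper that needs a live connection, not an HTML encoder.
function render_stripped(string $comment): string
{
    return strip_tags(str_replace("\n", '<br>', $comment));
}

// Constructed sample comments.
$samples = [
    'plain two-line comment' => "first line\nsecond line",
    'markup and quotes'      => '<b>bold</b> & "quoted"',
    'script element'         => '<script>alert(1)</script>',
    'comparison text'        => 'if a <b and b> c then stop',
];

foreach ($samples as $label => $comment) {
    printf(
        "%s\n  encoded : %s\n  stripped: %s\n\n",
        $label,
        render_encoded($comment),
        render_stripped($comment)
    );
}
```

Run it with `php` on the command line and check, for each sample, whether the line break survives, whether quotes and ampersands are encoded, and whether legitimate text containing `<` is preserved.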