XSS Security Patch for YJ Whois

12-04-2009, 03:47 AM
neo
Thanks to Mr andresg888 and Mr Lafrance, we have discovered a low risk XSS vulnerability in YJ Whois and YJ Whois 2.0, Joomla versions 1.0x and 1.5.x. All files on the server have been updated. If you are using these extensions please download the new versions and reinstall...

If you use any of these demo installations, the buggy versions of YJ Whois are included:

* H-Connect for Joomla 1.0 and Joomla 1.5
* Youhostit for Joomla 1.5

Files affected are:
modules/mod_yj_whois.php (Joomla 1.0)
modules/mod_yj_whois/mod_yj_whois.php (Joomla 1.5)

Line 147:

Code:

$domainName = (isset($_POST['domain'])) ? $_POST['domain'] : '';

Change to:

Code:

$domainName = (isset($_POST['domain'])) ? htmlspecialchars(strip_tags($_POST['domain'])) : '';
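
The change above, run against sample input, as an added example that is not part of the original post or the YJ Whois code. The function names and sample inputs are constructed, and `strict_domain()` is a stricter alternative assumed here (hostname allow-list validation), not something the post prescribes.

```php
<?php
// Added example, not YJ Whois code. Function names are hypothetical.

// The patched line 147 from the post, wrapped in a function for comparison.
function yj_patched_domain(array $post): string
{
    return isset($post['domain']) ? htmlspecialchars(strip_tags($post['domain'])) : '';
}

// Stricter alternative (assumption): accept only hostname syntax, so markup
// never reaches the template or the whois lookup at all.
function strict_domain(array $post): ?string
{
    // is_string() also rejects array input such as domain[]=x.
    $raw = isset($post['domain']) && is_string($post['domain']) ? trim($post['domain']) : '';
    if ($raw === '' || strlen($raw) > 253) {
        return null;
    }
    // Each label: 1-63 chars of a-z, 0-9, hyphen; no leading or trailing hyphen.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/^' . $label . '(?:\.' . $label . ')+$/i', $raw)) {
        return null;
    }
    return strtolower($raw);
}

// Constructed sample inputs: two valid names and two containing markup.
$samples = [
    'example.com',
    'Example.ORG',
    '<b>example.com</b>',
    '"><script>alert(1)</script>',
];

foreach ($samples as $value) {
    $post = ['domain' => $value];
    $strict = strict_domain($post);
    printf(
        "%-34s patched=%-34s strict=%s\n",
        json_encode($value),
        json_encode(yj_patched_domain($post)),
        $strict === null ? 'rejected' : $strict
    );
}
```

The patched line neutralises the markup but still passes the leftover text on, while the allow-list version rejects anything that is not a hostname. The value should still be escaped wherever the module echoes it.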