
YJ Whois Module Free whois joomla extension

12-04-2009, 02:47 AM   #1
neo
XSS Security Patch for YJ Whois

Thanks to Mr andresg888 and Mr Lafrance, we have discovered a low-risk XSS vulnerability in YJ Whois and YJ Whois 2.0 Joomla versions 1.0x and 1.5.x. All files on the server have been updated. If you are using these extensions, please download the new versions and reinstall...

If you use any of these demo installations, the buggy versions of YJ Whois are included:

* H-Connect for Joomla 1.0 and Joomla 1.5
* Youhostit for Joomla 1.5

Files affected are:
modules/mod_yj_whois.php (Joomla 1.0)
modules/mod_yj_whois/mod_yj_whois.php (Joomla 1.5)

Line 147:

Code:
$domainName = (isset($_POST['domain'])) ? $_POST['domain'] : '';
change to

Code:
$domainName = (isset($_POST['domain'])) ? htmlspecialchars(strip_tags($_POST['domain'])) : '';
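The following is an added example, not part of the original post and not the YJ Whois module's code. It shows the same kind of fix split into two steps: allow-list validation of the posted domain, and HTML encoding at the point of output with `ENT_QUOTES`. It assumes the field carries a full domain name that is echoed back into the page; `clean_domain` and `html_out` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example; function names are hypothetical, inputs are constructed.

/**
 * Allow-list check: accept only input shaped like a domain name.
 * Returns the lower-cased domain, or '' when the input is not one.
 */
function clean_domain($raw)
{
    if (!is_string($raw)) {
        return '';   // e.g. domain[]=x arrives as an array
    }
    $domain = strtolower(trim($raw));
    // Dot-separated labels of letters, digits and inner hyphens.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    $shape = '/^' . $label . '(?:\.' . $label . ')+$/D';
    if (strlen($domain) > 253 || !preg_match($shape, $domain)) {
        return '';
    }
    return $domain;
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function html_out($value)
{
    // ENT_QUOTES also encodes ', which the default flags skip before PHP 8.1.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['domain'].
$samples = array(
    'Example.com',
    'sub.example.co.uk',
    'example.com"><b>x</b>',
    "example.com' data-x='1",
);

foreach ($samples as $raw) {
    $domain = clean_domain($raw);
    printf(
        "raw=%s\n  accepted=%s\n  echoed=<input name='domain' value='%s'>\n",
        var_export($raw, true),
        var_export($domain, true),
        html_out($raw)   // encode at output, even for rejected input
    );
}
```

Only the first two samples pass validation; the last two are rejected, and their markup characters and quotes appear as entities in the echoed field.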