Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Further exploits closed

  1. Home
  2. News
  3. PHPFusion
  4. Further exploits closed
Further exploits closed
Following up from the previous exploit, I have added some more lines to protect the submission system from script & iframe exploits. The exploit only affects elements which allow html elements to be posted. This is easily rectified by adding these two lines to the descript() function in fusion_core.php after line 353 approx:

$text1[12] = "#script#si"; $text2[12] = 'script';
$text1[13] = "#iframe#si"; $text2[13] = 'iframe';

That's all there is to it. Another stride towards making PHPFusion as secure as possible. You can get the latest fusion_core.php file from the service pack. The Sourceforge download has been updated to include this fix. Thanks.

Falk March 17 2005 12,564
News Categories
Popular News
PHPFusion 9.0 Beta
PHPFusion 9.0 BetaOctober 03 2014 | Downloads
136395
Tesseract, Progress Report
Tesseract, Progress ReportApril 26 2014 | Development & Design
84850
Welcome Back
Welcome BackMarch 24 2006 | PHPFusion
80514
PHPFusion 9.0 ( Andromeda ) Stable
PHPFusion 9.0 ( Andromeda ) StableApril 27 2017 | PHPFusion
69532
Critical update - v6.00.305
Critical update - v6.00.305March 12 2006 | PHPFusion
67127
PHPFusion v7.02.06
PHPFusion v7.02.06January 27 2013 | Downloads
58865