XSS when using somethin like this as Username:
><script>alert('Test');</script>
Logged In: YES user_id=210714
I cannot reproduce the problem. You just enter this string on the login page as the username?
Logged In: YES user_id=1315163
Yes on the login page. Maybe it has something to do with the used MySQL Version (4.0.15).
You can try our 2.6.3pl1 installation on http://web1.phpmyadmin.speedkom.net to verify.
Ok I see it on your site. Please try this: in libraries/auth/cookie.auth.lib.php line 621 becomes: $conn_error = PMA_sanitize(PMA_DBI_getError());
Yes that seems to fix it, thanks.
fixed in cvs
Logged In: YES
user_id=210714
I cannot reproduce the problem. You just enter this string
on the login page as the username?
Logged In: YES
user_id=1315163
Yes on the login page. Maybe it has something to do with
the used MySQL Version (4.0.15).
You can try our 2.6.3pl1 installation on
http://web1.phpmyadmin.speedkom.net to verify.
Logged In: YES
user_id=210714
Ok I see it on your site. Please try this: in
libraries/auth/cookie.auth.lib.php
line 621 becomes:
$conn_error = PMA_sanitize(PMA_DBI_getError());
Logged In: YES
user_id=1315163
Yes that seems to fix it, thanks.
Logged In: YES
user_id=210714
fixed in cvs