Kod: Tümünü seç
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_forums.php
----------------
Attack-Time: 02.07.2008 1:22 am
------------
Request-Method: POST
Matching rule: select
In variable: url
Matching rule: "
In variable: forumdesc
In variable: pid
In variable: pid
Matching rule: javascript:
In variable: forumdesc
Matching rule: ->
In variable: url
In variable: url
Matching rule: document.
In variable: url
Matching rule: <div
In variable: forumdesc
In variable: pid
Matching rule: <script
In variable: forumdesc
In variable: pid
Matching rule: onclick
In variable: url
Matching rule: rm
In variable: forumdesc
Matching rule: '
In variable: forumdesc
In variable: pid
Matching rule: rm
In variable: forumdesc
Matching rule: window.open
In variable: forumdesc
In variable: pid
Possible solution:
------------------
#
#-----[ OPEN ]------------------------------------------
#
/forum/admin/admin_forums.php
#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'common.'.$phpEx);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('url','forumdesc','pid');
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM