Please see this article on XSS in the Search module. It works on ALL of my cpgnuke 8.2 sites. I did not try it on cpgnuke.com... I'll let the admins do that.

Please help!

- MusOX

Thanks Musox - noted - the Security Team has it covered - if serious, we'll get them to post a fix, but it's certainly covered in 8.2b.

musox wrote:

Please see this article on XSS in the Search module. It works on ALL of my cpgnuke 8.2 sites. I did not try it on cpgnuke.com... I'll let the admins do that. Please help! - MusOX

You can grab the fixed search module's index.php from here:

cvs.sourceforge.net/vi...p;view=log

This is the one that will be in the 8.2b release, so all you'd need to do is overwrite your existing file (after backing it up, of course).

There are several other XSS holes that are patched in what will be 8.2b, so if you're concerned about XSS, it would be wise to upgrade when the release comes out. Heck, there's enough security and minor bugfixes in 8.2b that everyone should upgrade when it becomes available.

alex

ok... so enough with the tease... when is 8.2b being released?

when it's ready.

Smartass... I love it

musox wrote:

Smartass... I love it

Yep that all you'll get from us .

BTW nice site BrainSmashR would be happy. Stole you background btw, hope you don't mind.

Also 8.2b is in the CVS (http://cvs.sourceforge.net/viewcvs.py/phpnuke65-cpg/), use at you own rish , but as far as i know it ok, backup if your going to use it, (all you have to do is replace your files)

don't mind about the BG at all... Apple made it anyways I'll just wait for the full release... till then... "Search will be disable".

- MusOX

8.2b is released.