https://proxy2.de/forum/posts/list/3.php JForum - http://www.jforum.net
Anyway whilst disproving this exploit I realised there is an exploit that would require only minor knowledge to perform so I am submitting this patch before anyone else publicises the exploit.

Open up lib/add.class.php. Find oth occurences of[code]$agent = getenv("HTTP_USER_AGENT");[/code]and replace them with[code]$agent = htmlspecialchars(getenv("HTTP_USER_AGENT"));[/code]Now you are patched.]]> https://proxy2.de/forum/posts/preList/4144/13326.php https://proxy2.de/forum/posts/preList/4144/13326.php GMT https://proxy2.de/forum/posts/preList/4144/13336.php https://proxy2.de/forum/posts/preList/4144/13336.php GMT ]]> https://proxy2.de/forum/posts/preList/4144/13337.php https://proxy2.de/forum/posts/preList/4144/13337.php GMT
I'll let you know if I experience any problems with it.]]> https://proxy2.de/forum/posts/preList/4144/13353.php https://proxy2.de/forum/posts/preList/4144/13353.php GMT https://proxy2.de/forum/posts/preList/4144/13358.php https://proxy2.de/forum/posts/preList/4144/13358.php GMT https://proxy2.de/forum/posts/preList/4144/13362.php https://proxy2.de/forum/posts/preList/4144/13362.php GMT https://proxy2.de/forum/posts/preList/4144/13365.php https://proxy2.de/forum/posts/preList/4144/13365.php GMT https://proxy2.de/forum/posts/preList/4144/13423.php https://proxy2.de/forum/posts/preList/4144/13423.php GMT https://proxy2.de/forum/posts/preList/4144/13537.php https://proxy2.de/forum/posts/preList/4144/13537.php GMT