Troubleshooting

Fixed: Million Pixel Script Cross-site scripting (XSS) vulnerability

Version 3.0 of the Million Pixel Script, Million Pixel Script PRO and PRO Lotto contained a Cross-site scripting (XSS) vulnerability in header.php which allowed remote attackers to inject arbitrary web script or HTML via the "pa" parameter.

This problem has been fixed in the current code. All customers can download an updated version in their texmedia user account panel. In case of questions regarding that fix, just send us an email.

You can also apply the fix manually by editing the file header.php with a simple text editor. The file is located in the main script directory of your Million Pixel Script installation.

Just open the file header.php and search for the lines containing

value="'.$_REQUEST['pa']

You will find 2 lines. Simply change these parts to the following:

value="'.(int)$_REQUEST['pa']

(So you just have to add "(int)" right before $_REQUEST in both of these lines, that's all.) Save the file after editing. This completes the fix.
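
Why the cast closes the hole, shown as an added example that is not the Million Pixel Script's own code: the surrounding <input> markup, the function names and the sample values are assumptions, and only the value="'.$_REQUEST['pa'] fragment and the (int) cast come from the fix above. Run it from the command line (php example.php) so the output is shown as text.

```php
<?php
// Added example, not the Million Pixel Script's own code. The <input> markup,
// the function names and the sample values are assumptions for illustration.

// Before the fix: the request value is concatenated into the attribute as-is,
// so a quote or angle bracket in "pa" becomes part of the page's HTML.
function render_unfixed(array $request)
{
    $pa = isset($request['pa']) ? $request['pa'] : '';
    return '<input type="hidden" name="pa" value="' . $pa . '">';
}

// After the fix: the (int) cast reduces whatever was sent to a plain integer,
// which can only consist of digits and an optional minus sign.
function render_fixed(array $request)
{
    $pa = isset($request['pa']) ? $request['pa'] : 0;
    return '<input type="hidden" name="pa" value="' . (int)$pa . '">';
}

// Constructed sample inputs: a normal value, a value with trailing text,
// and a value containing a quote and markup characters.
$samples = array('3', '3abc', '"><b>injected</b>');

foreach ($samples as $value) {
    $request = array('pa' => $value);
    echo 'input:   ', $value, PHP_EOL;
    echo 'unfixed: ', render_unfixed($request), PHP_EOL;
    echo 'fixed:   ', render_fixed($request), PHP_EOL, PHP_EOL;
}
```

With the cast, the three samples render as value="3", value="3" and value="0", so no quote or angle bracket from the request reaches the page. The cast suits a parameter that is meant to hold a number, which is how the fix treats "pa".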




Last update: 2010-01-07 20:13
Author: Markus


