UBB.threads PHP Forum Software Community

Like Post

If a specific post was interesting or useful to you, we recommend that you Like that post. It tells the post author, and others, that you found the information valuable. Clicking Like is another way to let others know that you enjoy it without leaving a comment.

Members Who Like This Post

Morgan (Nov 23rd 2023), isaac (Nov 23rd 2023)

Total Likes: 2

Re: Google Third-Party Spam Warning #265815 Nov 22nd a 10:58 PM
by Gizmo
Gizmo	Users have been crafting URLs using the curl redirect (Current URL sending traffic to the function) in UBB.threads, nothing is exploited on the site, but it's allowing them to forward requests on a page of your site to 3rd party destinations; until we get v8 out the door I'm sharing the patch with everyone now. Any 3rd party URLs with the below patch will be stopped by the system from redirecting them unless the redirected URL is from a local URL (on your site). Update: See this post for an update. In /scripts/changeprefs.inc.php Find: Code header("Location: $curl"); Replace with: Code if (strpos($curl, $_SERVER['SERVER_NAME']) !== false) { header("Location: $curl"); } else { $html->not_right($ubbt_lang['POST_PROB']); } This code change exists towards the bottom of the script file, then you can attempt to redirect on your own site as: https://example.com/forums/ubbthreads.php?ubb=changeprefs&what=style&value=1&curl=https://ubbcentral.com You can test this behavior here on UBBCentral by going to: https://www.ubbcentral.com/forums/ubbthreads.php?ubb=changeprefs&what=style&value=1&curl=https://ubbdev.com

UBB.threads PHP Forum Software Community Forums Like Post