It was brought to my attention a couple of days ago that Unwakeable 1.2 contains a cross-site scripting (XSS) vulnerability in the search piece. To check whether you’re vulnerable, search for this on your Unwakeable site:
If you see a JavaScript popup after searching, you’re vulnerable to attack and should follow the steps below to fix the vulnerability in Unwakeable 1.2. I’ve already taken steps to fix this vulnerability in Unwakeable 2.0, which will be released shortly.
To fix your installation of Unwakeable 1.2 you need to edit three files: searchform.php, theloop.php, and header.php.
1. searchform.php
First, open searchform.php and change this piece on line 8:
Hi there..
I have a problem with header.php, I couldn't find
Looomz: I think you can’t find it because it looks like you’ve modified your header.php to display a different title than a typical installation of Unwakeable.
I did a little test on your blog and didn’t receive a javascript pop-up, which is good. So, you’re not vulnerable to this XSS vulnerability. There’s nothing more you need to modify to protect yourself.
Let me know if you’ve got any more questions or concerns.
Thanks a lot man, you're the best 🙂
Yep, I’m vulnerable. I’mma patch it tomorrow morning if I have time before school. 😛
Tyler, thanks for these patches!