RE: bug in Invision Power Board

From: Christopher Hummert (hummertcat_private)
Date: Mon Aug 11 2003 - 10:42:16 PDT

Next message: G00db0y: "ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure"

Previous message: Lorenzo Hernandez Garcia-Hierro: "PostNuke Downloads & Web_Links ttitle variable XSS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Will someone please tell us what version this is in? 1.2 was released
last week. Did it fix this problem?

-----Original Message-----
From: Boy Bear [mailto:eyal067at_private] 
Sent: Saturday, August 09, 2003 2:32 PM
To: bugtraqat_private
Subject: Re: bug in Invision Power Board

In-Reply-To: <20030809082131.25004.qmailat_private>

To repair Bug to edit the file admin.php and to add after the line:

$IN['AD_SESS'] = $HTTP_POST_VARS['adsess'] ? $HTTP_POST_VARS['adsess'] :

$HTTP_GET_VARS['adsess'];

To add this :

if (isset($IN['AD_SESS'])) {

	$IN['AD_SESS'] = htmlspecialchars($IN['AD_SESS']);

}

Next message: G00db0y: "ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure"
Previous message: Lorenzo Hernandez Garcia-Hierro: "PostNuke Downloads & Web_Links ttitle variable XSS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 13:12:06 PDT