RE: bug in Invision Power Board
From: Christopher Hummert (hummertc_at_noghri.net)
Date: 08/11/03
- Previous message: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"
- Maybe in reply to: Boy Bear: "bug in Invision Power Board"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bugtraq@securityfocus.com> Date: Mon, 11 Aug 2003 10:42:16 -0700
Will someone please tell us what version this is in? 1.2 was released
last week. Did it fix this problem?
-----Original Message-----
From: Boy Bear [mailto:eyal067@walla.co.il]
Sent: Saturday, August 09, 2003 2:32 PM
To: bugtraq@securityfocus.com
Subject: Re: bug in Invision Power Board
In-Reply-To: <20030809082131.25004.qmail@www.securityfocus.com>
To repair Bug to edit the file admin.php and to add after the line:
$IN['AD_SESS'] = $HTTP_POST_VARS['adsess'] ? $HTTP_POST_VARS['adsess'] :
$HTTP_GET_VARS['adsess'];
To add this :
if (isset($IN['AD_SESS'])) {
$IN['AD_SESS'] = htmlspecialchars($IN['AD_SESS']);
}
- Previous message: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"
- Maybe in reply to: Boy Bear: "bug in Invision Power Board"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
