Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability

Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability

From: <emin_at_hasanov.com>
Date: 1 Dec 2006 06:10:49 -0000

('binary' encoding is not supported, stored as-is) Thanks for sharing!

Quick fix is to edit file forum/modules/blog/lib/entry_reply_entry.php

and change the following code (line 52 for me)
'where' => "entry_id = {$this->ipsclass->input['eid']}"
to
'where' => "entry_id = '".intval($this->ipsclass->input['eid'])."'"
Received on Dec 01 2006

This message: [ Message body ]
Next message: Steve Kemp: "[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation"
Previous message: infection_at_mail.kz: "Invision Gallery 2.0.7 SQL Injection Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]