0 0
Platinum Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
так ли это? и нужно ли апдейтится. потому как у меня подозрения, что это утка.
Цитата: Severity: Medium
Title: Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED]
Vendor: Invision Invision Power Services
Vendor Website: http://www.invisionboard.com/
Summary: Invision board 1.3.1 and lower are vulnerable to a sql injection vulnerability which is caused
by the non validation of input in the $this->first variable
Proof of Concept Exploit:
http://localhost/forums/index.php?act=Memb...t=SQL_INJECTION
**************
Patch info
**************
A patched version of the vulnerable file can be found at, http://www.digitalparadox.org/memberlist.txt
Just replace /uploads/sources/memberlist.php with this, and it will be fixed.
A simple patch can be,
In /uploads/sources/memberlist.php on Line 274 add this code
[CODE BEGINS]
if (!is_numeric($this->first)) {
$this->first = "0";
}
[CODE ENDS]
So it should finally look like,
[CODE BEGINS]
$this->output .= $this->html->Page_header( array( 'SHOW_PAGES' => $links) );
//-----------------------------
// START THE LISTING
//-----------------------------
if (!is_numeric($this->first)) {
$this->first = "0";
}
$DB->query("SELECT m.name, m.id, m.posts, m.joined, m.mgroup, m.email,m.title,
m.hide_email, m.location, m.aim_name, m.icq_number,
me.photo_location, me.photo_type, me.photo_dimensions
[CODE ENDS]
please, update your forum engine version... tnx&gl.. JET ;)
|
|
