Bugtraq mailing list archives
Re: Another YabbSE SQL Injection
From: Mike Bobbitt <mike () army ca>
Date: 16 Feb 2004 21:05:18 -0000
In-Reply-To: <002a01c3f4c3$d6eecc40$381e5a0a@desanet69> Correction... the code change needs to be as follows: Find: $quotemsg = $quote; Change to: if ( $quote && !is_numeric($quote) ) { die('Go out C==|=======>'); } $quotemsg = $quote; ---- Otherwise you won't be able to use the standard reply button. Cheers and thanks for the info.
Current thread:
- Another YabbSE SQL Injection backspace (Feb 16)
- <Possible follow-ups>
- Re: Another YabbSE SQL Injection Mike Bobbitt (Feb 16)