Bugtraq mailing list archives
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
From: x82_ () bk ru
Date: 24 Sep 2006 08:48:21 -0000
funny advisory.. ;)

Here is our fix:

-------------------------------------
if ($_GET['page'] < "0") {
    $this->page = 1;
}
-------------------------------------

Add this near line 480 in function getPostIds()

And by the way this isn't critical, because intval is used before, not because it's ORDER BY... ;)

best regards,
x82