Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
gazj
Posted: Mon Apr 14, 2008 11:12 pm

I found this on Only registered users can see links on this board! Get registered or login! and thought it should be posted here. I did have a quick look to see if it was already, but didn't see it.

This is as evaders99 wrote:

In response to: Only registered users can see links on this board! Get registered or login!

I am posting the reply and changes

$sid is indeed not properly sanitized

in modules/Search/index.php

For Nuke Patched / Nuke Patched Core

For a graphical view, click Only registered users can see links on this board! Get registered or login!
And go to Diff to previous 1.6

FIND (inline) - 6x - six times, only the first 3 are critical

Code:
'$sid'

TO

Code:
'".intval($sid)."'

RavenNuke

RavenNuke has fixed theirs with a different code change

FIND

Code:
if (!isset($author)) { $author = ''; }

AFTER, ADD

Code:
if (!isset($sid)) { $sid = 0; } else { $sid = intval($sid); }

_________________
Evaders99
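
Added example, not part of the original posts and not code from Nuke Patched or RavenNuke: it puts the two fixes quoted above side by side and shows what each yields for a few constructed request values. The WHERE clause, the function names and the sample inputs are assumptions for illustration; the real statements in modules/Search/index.php are not shown on this page.

```php
<?php
// Added illustration. The query text below is hypothetical and is not
// taken from modules/Search/index.php.

// Before the patch: $sid is interpolated as-is inside the quotes.
function where_unpatched($sid) {
    return "WHERE sid='$sid'";
}

// Nuke Patched style: cast at each place the value is used.
function where_inline_cast($sid) {
    return "WHERE sid='" . intval($sid) . "'";
}

// RavenNuke style: normalise once, next to the other request-variable
// defaults, so every later use of $sid sees an integer.
function normalise_sid(array $request) {
    if (!isset($request['sid'])) { $sid = 0; } else { $sid = intval($request['sid']); }
    return $sid;
}

// Constructed sample inputs (not taken from any real request).
$samples = array(
    array('sid' => '42'),     // well-formed
    array('sid' => '42abc'),  // trailing junk is dropped by intval()
    array('sid' => "42' x"),  // stray quote ends the string early if unpatched
    array('sid' => 'abc'),    // non-numeric becomes 0
    array(),                  // parameter absent
);

// Columns: raw value | unpatched | inline cast | normalised up front
foreach ($samples as $request) {
    $raw = isset($request['sid']) ? $request['sid'] : '';
    printf("%-10s | %-20s | %-16s | %s\n",
        var_export($raw, true),
        where_unpatched($raw),
        where_inline_cast($raw),
        "WHERE sid='" . normalise_sid($request) . "'");
}
```

The inline cast only protects the occurrences that were actually edited, which is why the post counts them (six, the first three critical); the up-front normalisation covers every later use of $sid in the file with one line.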
 
evaders99
Posted: Tue Apr 15, 2008 1:27 am

Well since it's already fixed... :)

Thanks for linking

gazj
Posted: Tue Apr 15, 2008 1:39 am

Yeah, but that's assuming people stay up to date :)
 
All times are GMT - 6 Hours
 