From: Benjamin C. <php...@be...> - 2005-11-22 04:50:36
I took a slightly different approach in tackling this vulnerability report, but it looks like vote_view() got missed. There should be a $db->quote() around the bug_id in the query.

On Nov 18, 2005, at 5:45 AM, Marco Kuhn wrote:
> hi all,
>
> I read about some security vulnerabilities in phpbt version 0.9.1.
> I know that these reports are 1 year old, but the current CVS version
> does not contain the patch described below.
>
> reports:
> http://networksecurityarchive.org/html/Vuln-Dev/2004-11/msg00197.html
> http://networksecurityarchive.org/html/Vuln-Dev/2004-11/msg00208.html
>
> patch:
> http://www.phpsecure.info/v2/.php?zone=pDl&id=169
>
> e.g. the patch for vote_view($bug_id) in bug.php:
> the patch checks the variable $bug_id with
> $bug_id = intval($bug_id);
>
> Did you fix the security gap differently?
>
> Best regards
>
> -- marco
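The two fixes discussed in this thread, intval() and quoting, shown side by side as an added example; this is not phpbt code and not either poster's. The table, columns and function names are hypothetical, and PDO with in-memory SQLite (PDO::quote) stands in for phpbt's $db->quote(), assuming the pdo_sqlite extension is available.

```php
<?php
// Added example, not phpbt code. Table, column and function names are
// hypothetical; PDO with in-memory SQLite stands in for phpbt's $db object.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bug_vote (bug_id INTEGER, user_id INTEGER)');
$pdo->exec('INSERT INTO bug_vote VALUES (1, 10), (1, 11), (2, 12)');

// Before: the request value is concatenated into the SQL text unchanged.
function votes_unchecked(PDO $pdo, $bug_id): array
{
    $sql = "SELECT user_id FROM bug_vote WHERE bug_id = $bug_id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix 1 (the patch quoted in the thread): coerce to an integer first.
function votes_intval(PDO $pdo, $bug_id): array
{
    $bug_id = intval($bug_id);
    $sql = "SELECT user_id FROM bug_vote WHERE bug_id = $bug_id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix 2 (quoting): the value becomes a single escaped string literal.
function votes_quoted(PDO $pdo, $bug_id): array
{
    $sql = 'SELECT user_id FROM bug_vote WHERE bug_id = '
         . $pdo->quote((string) $bug_id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and a non-numeric value that changes
// the WHERE clause when it is concatenated without any check.
foreach (['1', '1 OR 1=1'] as $input) {
    printf(
        "%-10s unchecked=%d intval=%d quoted=%d\n",
        $input,
        count(votes_unchecked($pdo, $input)),
        count(votes_intval($pdo, $input)),
        count(votes_quoted($pdo, $input))
    );
}
```

With the second input, only the unchecked version returns votes belonging to other bugs. How a quoted non-numeric string compares against an integer column depends on the database, so intval() gives the more predictable result for an id that is always numeric.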