I took a slightly different approach in tackling this vulnerability
report, but it looks like vote_view() got missed. There should be a
$db->quote() around the bug_id in the query.
On Nov 18, 2005, at 5:45 AM, Marco Kuhn wrote:
> Hi all,
>
> I read about some security vulnerabilities in phpbt version 0.9.1.
> I know that these reports are from 1 year ago, but the current CVS version
> does not contain the patch described below.
>
> reports:
> http://networksecurityarchive.org/html/Vuln-Dev/2004-11/msg00197.html
> http://networksecurityarchive.org/html/Vuln-Dev/2004-11/msg00208.html
>
> patch:
> http://www.phpsecure.info/v2/.php?zone=pDl&id=169
>
> e.g. the patch for vote_view($bug_id) in bug.php:
> the patch checks the variable $bug_id with
> $bug_id = intval($bug_id);
>
> Did you fix the security gap differently?
>
> Best regards
>
> -- marco
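
The two fixes discussed in this thread, side by side, as an added example that is not phpBugTracker code. The bug_vote table, the function names and the use of PDO with in-memory SQLite (PDO::quote() standing in for the $db->quote() call mentioned in the reply) are assumptions.

```php
<?php
// Added illustration: hypothetical schema and helpers, not phpBugTracker's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bug_vote (bug_id INTEGER, user_id INTEGER)');
$db->exec('INSERT INTO bug_vote VALUES (1, 10), (2, 20), (2, 21)');

// Constructed request value: a non-numeric bug_id that alters the WHERE clause.
$bug_id = '1 OR 1=1';

// Before: the request value is concatenated into a numeric context.
function votes_unsafe(PDO $db, $bug_id) {
    $sql = "SELECT COUNT(*) FROM bug_vote WHERE bug_id = $bug_id";
    return (int) $db->query($sql)->fetchColumn();
}

// Fix A (the patch quoted in the original message): coerce to an integer first.
function votes_intval(PDO $db, $bug_id) {
    $bug_id = intval($bug_id);
    $sql = "SELECT COUNT(*) FROM bug_vote WHERE bug_id = $bug_id";
    return (int) $db->query($sql)->fetchColumn();
}

// Fix B (the reply's approach): quote the value so it stays a single literal.
function votes_quoted(PDO $db, $bug_id) {
    $sql = 'SELECT COUNT(*) FROM bug_vote WHERE bug_id = ' . $db->quote($bug_id);
    return (int) $db->query($sql)->fetchColumn();
}

// Bound parameter: the value never becomes part of the SQL text at all.
function votes_bound(PDO $db, $bug_id) {
    $st = $db->prepare('SELECT COUNT(*) FROM bug_vote WHERE bug_id = ?');
    $st->execute([$bug_id]);
    return (int) $st->fetchColumn();
}

// Compare how many rows each variant counts for the same input.
foreach (['votes_unsafe', 'votes_intval', 'votes_quoted', 'votes_bound'] as $fn) {
    printf("%-13s %d\n", $fn, $fn($db, $bug_id));
}
```

Fix A silently turns malformed input into some integer, while Fix B and the bound parameter pass it through as a single value; rejecting non-numeric ids before the query avoids relying on either behaviour.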