[phpslash-users] phpSlash "story_id" Parameter Remote SQL Injection Vulnerability
From: tobozo <to...@ma...> - 2005-12-22 15:32:19
Hi everyone,

I just caught this in my RSS feed:

http://pridels.blogspot.com/2005/12/phpslash-sql-vuln.html
http://www.frsirt.com/english/advisories/2005/3044

Dunno what the exploit looks like, but I immediately made this modification to my file Story.class:

    function getStory($story_id, $mode, $argv_ary="", $tpl="") {
    [+] $story_id = @(int) $story_id;

Be well,
tobozo
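
Review bot: the (int) cast on the added line at the top of getStory() coerces instead of rejecting, so a non-numeric story_id silently becomes 0 and a value such as "12abc" becomes 12, and the lookup still proceeds with an id the caller never asked for. Consider testing the value with ctype_digit() before the cast and returning early when it fails, so malformed requests are refused and can be logged. The @ operator adds nothing here, since a cast raises no error for the string or array values a request parameter can carry, and it can be dropped. The cast protects only this one entry point; any other function that accepts story_id and uses it in a query needs the same check.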