BugTraq
Back to list
|
Post reply
Re: Another YabbSE SQL Injection
Feb 16 2004 09:05PM
Mike Bobbitt (mike army ca)
In-Reply-To: <002a01c3f4c3$d6eecc40$381e5a0a@desanet69>
Correction... the code change needs to be as follows:
Find:
$quotemsg = $quote;
Change to:
if ( $quote && !is_numeric($quote) )
{
die('Go out C==|=======>');
}
$quotemsg = $quote;
----
Otherwise you won't be able to use the standard reply button.
Cheers and thanks for the info.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Correction... the code change needs to be as follows:
Find:
$quotemsg = $quote;
Change to:
if ( $quote && !is_numeric($quote) )
{
die('Go out C==|=======>');
}
$quotemsg = $quote;
----
Otherwise you won't be able to use the standard reply button.
Cheers and thanks for the info.
[ reply ]