BugTraq
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Sep 24 2006 08:48AM
x82_ bk ru
funny advisory.. ;)

Here is our fix:

-------------------------------------
// page value below 0: fall back to the first page
if ($_GET['page'] < "0")
{
    $this->page = 1;
}
-------------------------------------

Add this near line 480 in function getPostIds()

And by the way this isn't critical, because intval is used before, not because it's ORDER BY... ;)

best regards,

x82

Copyright 2010, SecurityFocus