[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060924084821.26993.qmail@securityfocus.com>
Date: 24 Sep 2006 08:48:21 -0000
From: x82_@...ru
To: bugtraq@...urityfocus.com
Subject: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
funny advisory.. ;)
Here is our fix:
-------------------------------------
if ($_GET['page'] < "0")
{
$this->page = 1;
}
-------------------------------------
Add this near line 480 in function getPostIds()
And by the way this isn't critical, because intval is used before, not because it's ORDER BY... ;)
best regards,
x82
Powered by blists - more mailing lists