Icy Phoenix

     
 


Post 058-016 - Acronym Mod v0.9.5 Remote SQL Injection 
 
Hi all,

The Acronym Mod, which is included in phpBB XS 2 Build 058b, is vulnerable and should be fixed ASAP.
Please make these code changes in the file /adm/admin_acronyms.php

OPEN admin_acronyms.php

FIND
Code:
        $acronym_id = ( isset($_GET['id']) ) ? $_GET['id'] : 0;

REPLACE WITH
Code:
        $acronym_id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;


FIND
Code:
        $acronym_id = ( isset($_POST['id']) ) ? $_POST['id'] : 0;

REPLACE WITH
Code:
                $acronym_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;


FIND
Code:
            $acronym_id = ( isset($_POST['id']) ) ? $_POST['id'] : $_GET['id'];

REPLACE WITH
Code:
            $acronym_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : intval($_GET['id']);


Thanks to MG for the fix.

Greets
 




____________
ThE KuKa - www.phpBB-Es.COM - Custom Installations phpBB
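
An added example, not part of the original post or of the Acronym Mod code: the three intval() replacements above written as one helper, next to a stricter variant that rejects a malformed id instead of coercing it. The function names and sample values are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helpers, not code from admin_acronyms.php.

/**
 * Coercing form, same behaviour as the intval() fix in the post:
 * POST takes precedence over GET, a missing id becomes 0, and any
 * other value is forced to an integer.
 */
function acronym_id_coerced(array $post, array $get): int
{
    $raw = $post['id'] ?? $get['id'] ?? 0;
    return intval($raw);
}

/**
 * Strict form: returns null unless the value is a plain non-negative
 * decimal integer, so the caller can refuse the request outright.
 */
function acronym_id_strict(array $post, array $get): ?int
{
    $raw = $post['id'] ?? $get['id'] ?? null;
    if (!is_string($raw) && !is_int($raw)) {
        return null; // missing, or an array such as ?id[]=x
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return ($id === false) ? null : $id;
}

// Constructed sample request values (used here as $_GET, with empty $_POST).
$samples = [
    'plain number'  => ['id' => '42'],
    'trailing text' => ['id' => '42abc'],
    'not a number'  => ['id' => 'abc'],
    'array value'   => ['id' => ['x']],
    'missing'       => [],
];

foreach ($samples as $label => $get) {
    $coerced = acronym_id_coerced([], $get);
    $strict  = acronym_id_strict([], $get);
    printf("%-14s coerced=%d strict=%s\n", $label, $coerced, var_export($strict, true));
}
```

Both forms keep arbitrary text out of the SQL statement. The difference is that intval() silently maps malformed input to some integer (a non-empty array becomes 1), while the strict form lets the admin page reject the request.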
 