[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another YabbSE SQL Injection

To: bugtraq@securityfocus.com
Subject: Re: Another YabbSE SQL Injection
From: Mike Bobbitt <mike@army.ca>
Date: 16 Feb 2004 21:05:18 -0000

In-Reply-To: <002a01c3f4c3$d6eecc40$381e5a0a@desanet69>

Correction... the code change needs to be as follows:

Find:

 $quotemsg = $quote;

Change to:

 if ( $quote && !is_numeric($quote) )
 {
    die('Go out C==|=======>');
 }

 $quotemsg = $quote;

----

Otherwise you won't be able to use the standard reply button.

Cheers and thanks for the info.

Prev by Date: Re: W2K source "leaked"?
Next by Date: Re: Misinformation in Security Advisories (ASN.1)
Previous by thread: Another YabbSE SQL Injection
Next by thread: AllMyGuests PHP Code Injection vulnerability
Index(es):
- Date
- Thread