[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Invision Gallery 2.0.7 SQL Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Invision Gallery 2.0.7 SQL Injection Vulnerability
From: emin@xxxxxxxxxxx
Date: 4 Dec 2006 06:31:00 -0000

To fix this, you would need to change forum/modules/gallery/post.php at about 
line 153

from 

if( $this->ipsclass->input['op'] == 'doaddcomment' )
{
        $this->process_reply( $this->ipsclass->input['img'] );
}
else
{
        $this->reply_form( $this->ipsclass->input['img'] );
}

to

$img = intval($this->ipsclass->input['img']);
if( $this->ipsclass->input['op'] == 'doaddcomment' )
{
        $this->process_reply($img);
}
else
{
        $this->reply_form( $img );
}

Prev by Date: [Aria-Security Team] uGestBook SQL Injection Vuln
Next by Date: [SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities
Previous by thread: Invision Gallery 2.0.7 SQL Injection Vulnerability
Next by thread: [SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation
Index(es):
- Date
- Thread