dj_sj
Gebruiker
- Lid geworden
- 31 mei 2004
- Berichten
- 483
EDIT: Vraagje misschien een Pin waard?
Als je nog de gratis versie van IPB (Invision power board) gebruikt bijv 1.2 of 1.3.1 Final dan moet je wanneer je dit leest gelijk de instructies volgen hieronder!!
Er is namelijk ene lek ondekt waardoor hackers binne 1.5 uur elk wachtwoord kunnen achterhalen.
Wie mij niet gelooft HIER het bewijs!!
Dit is niet moeilijk te verhelpen, volg de volgende instructies:
(Een gekopieerde tekst) =
---------------------------------------------------------
It has come to our attention that a possible vulnerability in two sections of IPB's code could lead to XSS (cross site scripting). This issue has been rated as a medium risk and as part of our ongoing efforts to ensure the security of our products we have released the required patch.
Security Update
The main download files have already been updated. You can log into your client center and re-download the zip and update:
1. sources/topics.php
2. sources/search.php
Or you can follow the instructions below to manually patch your board. We no longer offer IPB 1.3 for download. If you are still running IPB 1.3 then follow the manual patch instructions below.
Manually Patching
Open "sources/topics.php" in a text editor.
Circa line: 805
Open "sources/search.php"
Circa line: 1499
Customers can download the individual patched files here
Affected Versions
IPB 1.3.x
IPB 2.0.x
IPS wishes to thank...
James from GulfTech for bringing this to our attention first.
Powered By IPB:thumb:
EDIT: Sorry dat ik hiermee de skin verpest maarja het is wel belangrijk, omdat veel mensen IPB 1.3.1 F nog gebruiken!!
Als je nog de gratis versie van IPB (Invision power board) gebruikt bijv 1.2 of 1.3.1 Final dan moet je wanneer je dit leest gelijk de instructies volgen hieronder!!
Er is namelijk ene lek ondekt waardoor hackers binne 1.5 uur elk wachtwoord kunnen achterhalen.
Wie mij niet gelooft HIER het bewijs!!
Dit is niet moeilijk te verhelpen, volg de volgende instructies:
(Een gekopieerde tekst) =
---------------------------------------------------------
It has come to our attention that a possible vulnerability in two sections of IPB's code could lead to XSS (cross site scripting). This issue has been rated as a medium risk and as part of our ongoing efforts to ensure the security of our products we have released the required patch.
Security Update
The main download files have already been updated. You can log into your client center and re-download the zip and update:
1. sources/topics.php
2. sources/search.php
Or you can follow the instructions below to manually patch your board. We no longer offer IPB 1.3 for download. If you are still running IPB 1.3 then follow the manual patch instructions below.
Manually Patching
Open "sources/topics.php" in a text editor.
Circa line: 805
PHP:
//-----------------------------------------
// Highlight...
//-----------------------------------------
if ($ibforums->input['hl'])
{
$ibforums->input['hl'] = [b]$std->clean_value[/b](urldecode($ibforums->input['hl']));
$loosematch = strstr( $ibforums->input['hl'], '*' ) ? 1 : 0;
$keywords = str_replace( '*', '', str_replace( "+", " ", str_replace( '-', '', trim($ibforums->input['hl']) ) ) );
$word_array = array();
$endmatch1 = "";
$endmatch2 = "(.)";Open "sources/search.php"
Circa line: 1499
PHP:
function convert_highlite_words($words="")
{
[b]global $std;[/b]
$words = [b]$std->clean_value[/b](trim(urldecode($words)));Customers can download the individual patched files here
Affected Versions
IPB 1.3.x
IPB 2.0.x
IPS wishes to thank...
James from GulfTech for bringing this to our attention first.
Powered By IPB:thumb:
EDIT: Sorry dat ik hiermee de skin verpest maarja het is wel belangrijk, omdat veel mensen IPB 1.3.1 F nog gebruiken!!
Laatst bewerkt:
