[VIM] Partial details on Invision Power Board (IPB) PHP execution issue

nikns nikns at secure.lv
Mon May 22 11:55:45 EDT 2006


>Review of the patch suggests which variables are cleansed and which
>files are affected, but it's not clear how the variables relate to
>externally controlled inputs, nor is it clear about how it leads to
>PHP code execution.

Right! It is *fairly* impossible that this patch fixes a
PHP code execution flaw.
But instead it looks like it could fix XSS.

In that Invision forum advisory post, nothing is stated about
PHP code execution:
    "It has come to our attention that Invision Power
Board 2.0.x and Invision Power Board 2.1.x contains two areas
where malicious code could be executed."

I suppose they were thinking about HTML code execution ;]
but Secunia and SecurityFocus took out of nowhere that
it is PHP code.

So, maybe let's call it XSS vulns?


nikns

