[VIM] Partial details on Invision Power Board (IPB) PHP execution issue

nikns nikns at secure.lv
Mon May 22 14:09:25 EDT 2006


>Right! It is *fairly* impossible that this patch fixes 
>PHP code execution flaw.
>But instead it looks like it could fix XSS.

Well, I will correct myself there.
After reading "Invision Vulnerabilities, including remote code execution"
on bugtraq, I am quite inpressed about regexp hacking. *grin*


>
>I that invision forum advisory post is nothing stated about
>PHP code execution:
>    "It has come to our attention that Invision Power 
>Board 2.0.x and  Invision Power Board 2.1.x  contains two areas 
>where malicious code could be executed."
>
>I suppose they was thinking about html code execution ;]
>but secunia and securityfocus took out from nowhere that
>it is php code.
>
>So, maybe lets call it XSS vulns?
>
>
>nikns


More information about the VIM mailing list