[VIM] Partial details on Invision Power Board (IPB) PHP execution issue
nikns at secure.lv
Mon May 22 14:09:25 EDT 2006
>Right! It is *fairly* impossible that this patch fixes
>PHP code execution flaw.
>But instead it looks like it could fix XSS.
Well, I will correct myself there.
After reading "Invision Vulnerabilities, including remote code execution"
on bugtraq, I am quite inpressed about regexp hacking. *grin*
>I that invision forum advisory post is nothing stated about
>PHP code execution:
> "It has come to our attention that Invision Power
>Board 2.0.x and Invision Power Board 2.1.x contains two areas
>where malicious code could be executed."
>I suppose they was thinking about html code execution ;]
>but secunia and securityfocus took out from nowhere that
>it is php code.
>So, maybe lets call it XSS vulns?
More information about the VIM