[VIM] Partial details on Invision Power Board (IPB) PHP execution issue

nikns nikns at secure.lv
Mon May 22 14:09:25 EDT 2006

>Right! It is *fairly* impossible that this patch fixes 
>PHP code execution flaw.
>But instead it looks like it could fix XSS.

Well, I will correct myself there.
After reading "Invision Vulnerabilities, including remote code execution"
on bugtraq, I am quite inpressed about regexp hacking. *grin*

>I that invision forum advisory post is nothing stated about
>PHP code execution:
>    "It has come to our attention that Invision Power 
>Board 2.0.x and  Invision Power Board 2.1.x  contains two areas 
>where malicious code could be executed."
>I suppose they was thinking about html code execution ;]
>but secunia and securityfocus took out from nowhere that
>it is php code.
>So, maybe lets call it XSS vulns?

More information about the VIM mailing list