[VIM] Partial details on Invision Power Board (IPB) PHP execution issue

Steven M. Christey coley at linus.mitre.org
Mon May 22 23:12:34 EDT 2006

On Mon, 22 May 2006, nikns wrote:

> >Review of the patch suggests which variables are cleansed and which
> >files are affected, but it's not clear how the variables relate to
> >externally controlled inputs, nor is it clear about how it leads to
> >PHP code execution.
> Right! It is *fairly* impossible that this patch fixes
> PHP code execution flaw.
> But instead it looks like it could fix XSS.

I could see how something that might be "XSS" could turn into PHP code
execution - if the HTML is injected into a static page that's later
included by PHP, for example.

For me, all I had was the source code - I didn't do any live testing.

> I that invision forum advisory post is nothing stated about
> PHP code execution:
>     "It has come to our attention that Invision Power
> Board 2.0.x and  Invision Power Board 2.1.x  contains two areas
> where malicious code could be executed."

It's hard to tell what they really mean here.  This lack of precision
causes trouble sometimes :)

- Steve

More information about the VIM mailing list