[VIM] Partial details on Invision Power Board (IPB) PHP execution issue
Steven M. Christey
coley at linus.mitre.org
Mon May 22 23:12:34 EDT 2006
On Mon, 22 May 2006, nikns wrote:
> >Review of the patch suggests which variables are cleansed and which
> >files are affected, but it's not clear how the variables relate to
> >externally controlled inputs, nor is it clear about how it leads to
> >PHP code execution.
> Right! It is *fairly* impossible that this patch fixes
> PHP code execution flaw.
> But instead it looks like it could fix XSS.
I could see how something that might be "XSS" could turn into PHP code
execution - if the HTML is injected into a static page that's later
included by PHP, for example.
For me, all I had was the source code - I didn't do any live testing.
> I that invision forum advisory post is nothing stated about
> PHP code execution:
> "It has come to our attention that Invision Power
> Board 2.0.x and Invision Power Board 2.1.x contains two areas
> where malicious code could be executed."
It's hard to tell what they really mean here. This lack of precision
causes trouble sometimes :)
More information about the VIM