Reported 4.0.2 PL1 XSS Vulnerability


    Regarding this reported exploit: http://inj3ct0r.com/exploits/9697

    An official patch is forthcoming. Meanwhile I have attached a patched type.php file to this message. Unzip that file and upload it, replacing the existing ../vb/search/type.php file.

    Note: This is for those running 4.0.2 PL1 only.

    If for some reason you want to apply this patch yourself, find the following file:

    ../vb/search/type.php

    In that type.php file, find this near the bottom of the file:

    'query' => TYPE_STR,

    Replace that with this:

    'query' => TYPE_NOHTML,

    Please note that if you have already applied Paul M's patch here, then you do not have to apply this patch.

    Attachment: type..zip
    Last edited by calorie; Sun 21 Mar '10, 10:41am.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
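As an added illustration (not code from the post above and not vBulletin's own input cleaner), the following PHP models why the one-line change from TYPE_STR to TYPE_NOHTML matters; it assumes TYPE_STR only trims the submitted value while TYPE_NOHTML additionally HTML-encodes it before the search page echoes it back.

```php
<?php
// Added illustration, not vBulletin code: a simplified stand-in for the two
// cleaner type constants named in the post. Assumption: TYPE_STR only trims
// the value, TYPE_NOHTML also HTML-encodes it, so swapping the constant for
// 'query' stops submitted markup from being rendered by the search page.
const TYPE_STR    = 1;
const TYPE_NOHTML = 2;

function clean_value(string $raw, int $type): string
{
    $value = trim($raw);
    if ($type === TYPE_NOHTML) {
        // Encode < > & " ' so the browser shows them as text, not markup.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return $value;
}

// Stand-in for the search page echoing the cleaned query into its HTML.
function render_query_heading(string $cleaned): string
{
    return '<h2>Search results for: ' . $cleaned . '</h2>';
}

// Constructed sample request value that contains a tag.
$gpc = ['query' => '  <b>vbulletin</b>  '];

// Before the patch ('query' => TYPE_STR): the tag reaches the page intact.
$before = render_query_heading(clean_value($gpc['query'], TYPE_STR));

// After the patch ('query' => TYPE_NOHTML): the tag is encoded.
$after = render_query_heading(clean_value($gpc['query'], TYPE_NOHTML));

echo $before, PHP_EOL;
echo $after, PHP_EOL;

// Self-check an admin can adapt: once TYPE_NOHTML is in effect, the cleaned
// value must contain no raw angle brackets.
assert(strpos(clean_value($gpc['query'], TYPE_NOHTML), '<') === false);
assert(strpos(clean_value($gpc['query'], TYPE_STR), '<') !== false);
```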

