Отныне сюда пишем уязвимости форумов
IPB Security Update (10 May 2005)
It has come to our attention that there is a potential vulnerability present in IPB 1.3.x and IPB 2.0.x.
As part of our ongoing effort to improve security we have released a security update.
This update affects two files: "sources/post.php" and "sources/lib/usercp_functions.php".
The main download zip (IPB 2.0.4) has been updated and the IPB 2.0.4 upgrade zip has been updated.
IPB 2.0.x Manual Patch Instructions
sources/post.php (Line: 579)
//-----------------------------------------
// Add to mail queue
//-----------------------------------------
$DB->do_insert( 'mail_queue', array( 'mail_to' => $r['email'], 'mail_date' => time(), 'mail_subject' => $ibforums->lang['tt_subject'], 'mail_content' => $std->txt_safeslashes($this->email->message) ) );
// Add to mail queue
//-----------------------------------------
$DB->do_insert( 'mail_queue', array( 'mail_to' => $r['email'], 'mail_date' => time(), 'mail_subject' => $ibforums->lang['tt_subject'], 'mail_content' => $std->txt_safeslashes($this->email->message) ) );
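Review bot: Nothing next to this `do_insert` call says why `mail_content` goes through `$std->txt_safeslashes()` while `mail_to` and `mail_subject` are passed as they are, and the same applies to the otherwise identical call at line 693 (`ft_subject`). A one-line comment above each call would keep the wrapper from being dropped in a later cleanup, for example `// message body may carry user-supplied text: keep txt_safeslashes() before it reaches the query builder` (presumably the reason; neither `txt_safeslashes` nor `do_insert` is shown here, so confirm against their definitions). The snippet is printed twice with its find/replace labels lost and both copies read the same, so the pre-patch line cannot be recovered from this page; compare the edited file against the updated IPB 2.0.4 zip rather than relying on the text alone. The enclosing function starts and ends outside the snippet.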
sources/post.php (Line: 693)
$DB->do_insert( 'mail_queue', array( 'mail_to' => $r['email'], 'mail_date' => time(), 'mail_subject' => $ibforums->lang['ft_subject'], 'mail_content' => $std->txt_safeslashes($this->email->message) ) );
sources/lib/usercp_functions.php (Line: 948)
//-----------------------------------------
// Check to make sure we don't just have
// http:// in the URL box..
//-----------------------------------------
if ( preg_match( "/^http://$/i", $ibforums->input['url_avatar'] ) )
{
$ibforums->input['url_avatar'] = "";
}
if ( preg_match( "#javascript:#is", $ibforums->input['url_avatar'] ) )
{
$ibforums->input['url_avatar'] = "";
}
if ( empty($ibforums->input['url_avatar']) )
// Check to make sure we don't just have
// http:// in the URL box..
//-----------------------------------------
if ( preg_match( "/^http://$/i", $ibforums->input['url_avatar'] ) )
{
$ibforums->input['url_avatar'] = "";
}
if ( preg_match( "#javascript:#is", $ibforums->input['url_avatar'] ) )
{
$ibforums->input['url_avatar'] = "";
}
if ( empty($ibforums->input['url_avatar']) )
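Review bot: The `#javascript:#is` test is a denylist that matches one scheme spelled literally anywhere in the string, so it blanks that single form and decides nothing about any other non-HTTP value of `url_avatar`; an allowlist anchored at the start is the sturdier check, e.g. `if ( ! preg_match( "#^https?://#i", $ibforums->input['url_avatar'] ) ) { $ibforums->input['url_avatar'] = ""; }` placed after the existing tests. Whether later code validates the URL further is not visible, since the snippet stops at the bare `if ( empty(...) )` line and the function continues outside it. Separately, the first pattern as printed, `"/^http://$/i"`, is not a valid expression with `/` as the delimiter; the backslashes were most likely lost when the page was copied, and it should read `"/^http:\/\/$/i"` before anyone pastes it into the file.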