Influx and Lustrous Upgraded to vBulletin 4.1.4

Support Forum

vBulletin Skins, IPB Skins, phpBB Skins and SMF Skins Support Forum


Go Back   ForumThemes Forums > ForumThemes News & Announcements > Industry News
Reported 4.0.2 PL1 XSS Vunerability Reported 4.0.2 PL1 XSS Vunerability
Register Projects FAQ Calendar Search Today's Posts Mark Forums Read

Follow ForumThemes on Twitter!
Acquiring Tweets
Follow us on Twitter!

Reply
 
LinkBack Thread Tools Display Modes
Old 03-21-2010, 07:28 PM   #1 (permalink)
Customer
  • Join Date: Jan 2009
  • Location: Canada
  • Posts: 1,949
  • User Status: Offline
  • Contact this user:

    Send a message via AIM to william Send a message via MSN to william


Exclamation Reported 4.0.2 PL1 XSS Vunerability
Regarding this reported exploit: http://inj3ct0r.com/exploits/9697

An official patch is forthcoming. Meanwhile I have attached a patched type.php file to this message. Unzip that file and upload it, replacing the existing ../vb/search/type.php file

Note: This is for those running 4.0.2 PL1 only.

If for some reason you want to apply this patch yourself, find the following file:

../vb/search/type.php

In that type.php file, find this near the bottom of the file:

'query' => TYPE_STR,

Replace that with this:

'query' => TYPE_NOHTML,

Please note that if you have already applied Paul M's patch here, then you do not have to apply this patch.

Attachment: Attachment 43970
Attached Files
  Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Powered by: vBulletin Versio3.8.7
Copyright ©2000 - 2012, Jelsoft Enterprises Limited.

SEO by vBSEO 3.3.0

1 2 3 4 5 6 7 8 9 10 11 12