Welcome, Guest. Please Login or Register.
November 23, 2024, 09:39:14 AM
Home Help Search Log in Register
News: SMF is the next generation in forum software, almost completely re-written from the ground up, make sure you don't fall for cheap imitations that suffer from feature bloat!

YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  Patch for Post.php in Yse 1.5.5 « previous next »
Pages: [1] Reply Ignore Print
Author Topic: Patch for Post.php in Yse 1.5.5  (Read 65811 times)
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Patch for Post.php in Yse 1.5.5
« on: February 22, 2004, 03:05:26 PM »
Reply with quote

We have been notified of a small hole in Post.php and as a result we have posted a patch on the downloads page.

There are two options to correct this. You can use BoardMOD to install the mod file or you can replace the default Post.php with the version in the download.

A direct link is: http://www.yabbse.org/1_5_5_post_patch.zip
« Last Edit: February 22, 2004, 06:11:59 PM by Jeff Lewis » Logged

Ale
Noobie
*
Posts: 24


Re:Patch for Post.php in Yse 1.5.5
« Reply #1 on: February 22, 2004, 05:21:35 PM »
Reply with quote

Thanks.  :D
Logged

:X:
PĀ„rata

Las fronteras no existen para el conocimiento y la verdad
geber
Noobie
*
Posts: 42


Ich will raus!

Re:Patch for Post.php in Yse 1.5.5
« Reply #2 on: February 22, 2004, 05:58:42 PM »
Reply with quote

thx  :)
Logged
i12yabb
Noobie
*
Posts: 2


I love YaBB SE! I like to YaBb a bit

Re:Patch for Post.php in Yse 1.5.5
« Reply #3 on: February 22, 2004, 07:02:11 PM »
Reply with quote


thanks for alert
Logged

" I am always somewhere, either here or there, right now I'm here "
CERT
Noobie
*
Posts: 23


Re:Patch for Post.php in Yse 1.5.5
« Reply #4 on: February 22, 2004, 07:56:51 PM »
Reply with quote

Any details on what the problem was?
Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:Patch for Post.php in Yse 1.5.5
« Reply #5 on: February 22, 2004, 08:01:49 PM »
Reply with quote

A variable wasn't being forced to an integer so it was allowing injection of code if someone wanted to do so.
Logged

Chris Cromer
The Strange One
Mod Team
YaBB God
*****
Posts: 3152


I am just a figment of your imagination.

WWW
Re:Patch for Post.php in Yse 1.5.5
« Reply #6 on: February 22, 2004, 08:02:22 PM »
Reply with quote

It is a security hole. And I don't think anything more should be posted about it. Install it to make you board more secure.
Logged

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
BusteD
Noobie
*
Posts: 15


I'm a llama!

Re:Patch for Post.php in Yse 1.5.5
« Reply #7 on: February 23, 2004, 02:35:24 AM »
Reply with quote

i found out the vuln on the first day it was released,
And posted in this board, And after sum minutes I was amazed to find that the thread has disappeard into thin air  ;)

Any way,  I was worried, coz my board was also one at risk. So i mailed some of the developers, and thank God finally it has come out,

I am not mad coz u guys deleted the post. I know its sumthing that shud b done. coz the more ppl know about it the more threat there is... So kwel guys,
8)
Logged

without this, I am busted
Chris Cromer
The Strange One
Mod Team
YaBB God
*****
Posts: 3152


I am just a figment of your imagination.

WWW
Re:Patch for Post.php in Yse 1.5.5
« Reply #8 on: February 23, 2004, 04:40:38 AM »
Reply with quote

It probably was moved(to a developer/admin board), not deleted.

Would you really want people reading that thread and then using the info in it to hack yours and other people's boards? ;)
« Last Edit: February 23, 2004, 04:41:02 AM by Chris Cromer » Logged

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
BusteD
Noobie
*
Posts: 15


I'm a llama!

Re:Patch for Post.php in Yse 1.5.5
« Reply #9 on: February 23, 2004, 05:13:00 AM »
Reply with quote

actaully i understand it,
i was in a rush just to let you guys know that this existed,
So posted there,

no sweat,
Actaully its a nice thing,
Coz when only they find the vulns you guys b able to fix it,
So day by day this will be getting much secure,

Anyway, My idea of SMF is it RULEZZZZZZZZZ,
totally kwel,
cant wait to get my hands on it,
Logged

without this, I am busted
homie
Jr. Member
**
Posts: 74


I Love YaBB SE.

Re:Patch for Post.php in Yse 1.5.5
« Reply #10 on: March 04, 2004, 02:17:51 PM »
Reply with quote

Thx
Logged

Pages: [1] Reply Ignore Print 
YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  Patch for Post.php in Yse 1.5.5 « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.015 seconds with 20 queries.