Reported 4.0.2 PL1 XSS Vulnerability

  • Steve Machol
    Former Customer Support Manager

    Regarding this reported exploit: http://inj3ct0r.com/exploits/9697

    An official patch is forthcoming. Meanwhile, I have attached a patched type.php file to this message. Unzip that file and upload it, replacing the existing ../vb/search/type.php file.

    Note: This is for those running 4.0.2 PL1 only.

    If for some reason you want to apply this patch yourself, find the following file:

    ../vb/search/type.php

    In that type.php file, find this near the bottom of the file:

    'query' => TYPE_STR,

    Replace that with this:

    'query' => TYPE_NOHTML,

    Please note that if you have already applied Paul M's patch here, then you do not have to apply this patch.

    Attachment: type..zip
    Last edited by calorie; Sun 21 Mar '10, 10:41am.
    Steve Machol, Founder of the OptiBoard Discussion Forums for Eyecare Professionals

    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
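
Why the one-word change in the post above closes the hole, shown as an added example that is not part of the original post and is not vBulletin's code. It assumes TYPE_STR returns the trimmed string as-is and TYPE_NOHTML additionally HTML-escapes it; the constant values, function names and template are hypothetical stand-ins.

```php
<?php
// Illustrative stand-in for an input cleaner; NOT vBulletin's implementation.
// Assumption: TYPE_STR = trimmed string, TYPE_NOHTML = trimmed + HTML-escaped.
const TYPE_STR    = 1; // arbitrary values for this sketch
const TYPE_NOHTML = 2;

function clean_value($value, int $type): string
{
    // Reject arrays/objects so query[]=x never reaches string handling.
    if (!is_scalar($value)) {
        return '';
    }
    $value = trim((string) $value);
    switch ($type) {
        case TYPE_NOHTML:
            // ENT_QUOTES escapes both quote styles, so the value cannot
            // close an HTML attribute it is later printed into.
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case TYPE_STR:
            return $value;
        default:
            throw new InvalidArgumentException('unknown cleaner type');
    }
}

function clean_array(array $input, array $spec): array
{
    $out = [];
    foreach ($spec as $name => $type) {
        $out[$name] = clean_value($input[$name] ?? '', $type);
    }
    return $out;
}

// Hypothetical template that echoes the search term back into the page.
function render_search_box(array $cleaned): string
{
    return '<input type="text" name="query" value="' . $cleaned['query'] . '">';
}

// Constructed sample request carrying markup in the search term.
$request = ['query' => '  "><b>marker</b>  '];

$before = clean_array($request, ['query' => TYPE_STR]);    // pre-patch rule
$after  = clean_array($request, ['query' => TYPE_NOHTML]); // patched rule

echo render_search_box($before), PHP_EOL; // markup breaks out of the attribute
echo render_search_box($after), PHP_EOL;  // markup stays inert text in value=""
```

Escaping at input time only protects output that uses the cleaned value; any code path that prints the raw request value still needs its own output encoding.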