[33747] in bugtraq
Re: Another YabbSE SQL Injection
daemon@ATHENA.MIT.EDU (Mike Bobbitt)
Mon Feb 16 16:29:46 2004
Date: 16 Feb 2004 21:05:18 -0000
Message-ID: <20040216210518.10459.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Mike Bobbitt <mike@army.ca>
To: bugtraq@securityfocus.com
In-Reply-To: <002a01c3f4c3$d6eecc40$381e5a0a@desanet69>
Correction... the code change needs to be as follows:
Find:
$quotemsg = $quote;
Change to:
if ( $quote && !is_numeric($quote) )
{
die('Go out C==|=======>');
}
$quotemsg = $quote;
----
Otherwise you won't be able to use the standard reply button.
Cheers and thanks for the info.
