#1: Important, must read: danger Author: spoddig, Posted on: 21.11.2004 23:51 ---- First of all, here is a link where you will find more details. CPG is affected too; I have already changed the crap. There is an update on cpgnuke.com. www.heise.de/newsticke...dung/53499
#2: Re: Important, must read: danger Author: spoddig, Posted on: 21.11.2004 23:55 ---- Here is the text from CPGNUKE.com
CRITICAL SECURITY BULLETIN
Following my original post here regarding the recent phpBB search highlighting exploit, the phpBB Group has become aware that the exploit can be taken advantage of, in a serious way. This clearly contradicts what I said in my original post, but this IS serious, folks. We cannot urge you strongly enough to apply the fix below. This fix does NOT pertain to CPG-Nuke 9; it is immune because of our new quote handling system.
Note: If you applied the earlier fix for .htaccess, keep it - it's a good security measure to take.
The Patch
Open up modules/Forums/viewtopic.php
Find on line ~514:
PHP:
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));