<<< Date Index >>>     <<< Thread Index >>>

Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability



funny advisory.. ;)
Here is our fix:

-------------------------------------
if ($_GET['page'] < "0") 
{
  $this->page = 1;
}
-------------------------------------

Add this near line 480 in function getPostIds()
And by the way this isn't critical, because intval is used before, not because 
it's ORDER BY... ;)


best regards,

x82