[News] Official patch: Reported 4.0.2 PL1 XSS Vulnerability

حبوب الجميع

New member
12 August 2009
Regarding this reported exploit: http://inj3ct0r.com/exploits/9697

An official patch is forthcoming. Meanwhile I have attached a patched type.php file to this message. Unzip that file and upload it, replacing the existing ../vb/search/type.php file.

Note: This is for those running 4.0.2 PL1 only.

If for some reason you want to apply this patch yourself, find the following file:

../vb/search/type.php

In that type.php file, find this near the bottom of the file:

'query' => TYPE_STR,

Replace that with this:

'query' => TYPE_NOHTML,

Please note that if you have already applied Paul M's patch here, then you do not have to apply this patch.

Attachment: type..zip


http://www.vbulletin.com/forum/showthread.php?346345-Reported-4.0.2-PL1-XSS-Vunerability

=========

Honestly, I did not understand how to patch this vulnerability.
I would appreciate it if one of the brothers could explain it to us further; I would be thankful and grateful to him.
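
The manual edit described in the announcement, as an added example (not part of the original post and not vBulletin's own tooling): a shell function that makes the one-line change on a local copy of type.php, keeps a backup, and verifies the result before overwriting the file. The function names, the `.orig`/`.new` suffixes and the loose whitespace matching are assumptions of this example.

```shell
#!/bin/sh
# Added example: apply the announcement's one-line edit to a local copy of
# vb/search/type.php. Whitespace around "=>" is matched loosely (assumption:
# the real file may indent or align the entry differently from the post).

OLD_RE="'query'[[:space:]]*=>[[:space:]]*TYPE_STR,"
NEW_RE="'query'[[:space:]]*=>[[:space:]]*TYPE_NOHTML,"

# count_lines REGEX FILE -> number of matching lines (prints 0 when none)
count_lines() { grep -c -- "$1" "$2" || true; }

# patch_type_php FILE: 0 = patched now, 1 = already patched, 2 = refused
patch_type_php() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    old=$(count_lines "$OLD_RE" "$file")
    new=$(count_lines "$NEW_RE" "$file")
    if [ "$old" -eq 0 ] && [ "$new" -ge 1 ]; then
        echo "already patched: $file"
        return 1
    fi
    if [ "$old" -ne 1 ]; then
        # Zero or several matches: not the file the announcement describes.
        echo "expected exactly one TYPE_STR 'query' entry, found $old" >&2
        return 2
    fi
    cp -p "$file" "$file.orig" || return 2      # keep the original
    sed "s/\('query'[[:space:]]*=>[[:space:]]*\)TYPE_STR,/\1TYPE_NOHTML,/" \
        "$file.orig" > "$file.new" || return 2
    # Verify the edit before touching the live file.
    if [ "$(count_lines "$OLD_RE" "$file.new")" -ne 0 ] ||
       [ "$(count_lines "$NEW_RE" "$file.new")" -ne $((new + 1)) ]; then
        rm -f "$file.new"
        echo "verification failed, $file left untouched" >&2
        return 2
    fi
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$file.new" > "$file" && rm -f "$file.new"
    echo "patched: $file (backup in $file.orig)"
}

# Run as: sh patch_type.sh path/to/vb/search/type.php
if [ "$#" -gt 0 ]; then patch_type_php "$1"; fi
```

Run it against a downloaded copy of the file, then upload the result in place of the existing ../vb/search/type.php as the announcement describes.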