News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Internet Storm Center:
Invision Power Board Vulnerability
June 01, 2006 @ 14:59:35

In a previous post on the Internet Storm Center website, they mentioned an issue that had come up with the Invision Board PHP/MySQL message board system by which a user clicking on a certian kind of link would push a .wmf exploit to the user.

More information about the exploit and the updates that the Invision Board team have made to counteract it can be found in this board pasting.

Unfortunately, there has also already been an incident with the exploit, causing the boards of "a large company" that was using it as a forum for its customers. Links started showing up that were causing problems, redirecting users to another server's page that pushed the bad .wmf file to them.

If you are running an Invision Board version before 2.1.6, it is stringly suggested you upgrade.

1 comment voice your opinion now!
security invision power board message exploit vulnerability security invision power board message exploit vulnerability


blog comments powered by Disqus

Similar Posts

Rafael Dohms' Blog: PHP Security: Are you paying attention?

Chance Garcia's Blog: TEKX Tutorials - Best Practices & Being the Bad Guy

PHP.net: PHP 5.3.27 Released - PHP 5.3 Reaching End of Life

PHP Security Blog: Why I don\'t fear the Zend Framework

Pierre-Alain Joye's Blog: PHP Security Conference in Paris, 2007/01/29


Community Events





Don't see your event here?
Let us know!


install interview laravel configure library language api bugfix list wordpress symfony introduction code podcast community developer application threedevsandamaybe release series

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework