YaBB SE Community

YaBB SE Info => News From the YaBB SE Team => Topic started by: Jeff Lewis on February 22, 2004, 10:05:26 AM

Title: Patch for Post.php in Yse 1.5.5
Post by: Jeff Lewis on February 22, 2004, 10:05:26 AM
We have been notified of a small hole in Post.php and as a result we have posted a patch on the downloads page.

There are two options to correct this. You can use BoardMOD to install the mod file or you can replace the default Post.php with the version in the download.

A direct link is: http://www.yabbse.org/1_5_5_post_patch.zip
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: Ale on February 22, 2004, 12:21:35 PM
Thanks.  :D
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: geber on February 22, 2004, 12:58:42 PM
thx  :)
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: i12yabb on February 22, 2004, 02:02:11 PM

thanks for alert
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: CERT on February 22, 2004, 02:56:51 PM
Any details on what the problem was?
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: Jeff Lewis on February 22, 2004, 03:01:49 PM
A variable wasn't being forced to an integer so it was allowing injection of code if someone wanted to do so.
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: Chris Cromer on February 22, 2004, 03:02:22 PM
It is a security hole. And I don't think anything more should be posted about it. Install it to make you board more secure.
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: BusteD on February 22, 2004, 09:35:24 PM
i found out the vuln on the first day it was released,
And posted in this board, And after sum minutes I was amazed to find that the thread has disappeard into thin air  ;)

Any way,  I was worried, coz my board was also one at risk. So i mailed some of the developers, and thank God finally it has come out,

I am not mad coz u guys deleted the post. I know its sumthing that shud b done. coz the more ppl know about it the more threat there is... So kwel guys,
 8)
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: Chris Cromer on February 22, 2004, 11:40:38 PM
It probably was moved(to a developer/admin board), not deleted.

Would you really want people reading that thread and then using the info in it to hack yours and other people's boards? ;)
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: BusteD on February 23, 2004, 12:13:00 AM
actaully i understand it,
i was in a rush just to let you guys know that this existed,
So posted there,

no sweat,
Actaully its a nice thing,
Coz when only they find the vulns you guys b able to fix it,
So day by day this will be getting much secure,

Anyway, My idea of SMF is it RULEZZZZZZZZZ,
totally kwel,
cant wait to get my hands on it,
Title: Re:Patch for Post.php in Yse 1.5.5
Post by: homie on March 04, 2004, 09:17:51 AM
Thx