Discuss all about IPB 2.1.7 Security Update (Low Risk)

Discuss IPB 2.1.7 Security Update (Low Risk) at Bulletin Board News, All the latest information from vBulletin, Invision Power Board and phpBB, all put together in some forum for your joy and pleasure. Up to the minute news about the from The Staff Lounge, Your vBulletin Resource. We'.



Go Back - Forums
The Staff Lounge Navigation - TSL Community Forums Navigation - TSL Bulletin Board News IPB 2.1.7 Security Update (Low Risk)
Private Messages Welcome to Your vBulletin Resource
Welcome Back Improve Your Community Today

Post New Thread  Reply
 
LinkBack Thread Tools Thread Tools Feed Icon
  #1  
Old 10-06-2006, 05:21 PM
IPB News
TSL Fixated
  
Post Count Posts: 87
Icon5 IPB 2.1.7 Security Update (Low Risk)
permalink
Up to the minute news about the from The Staff Lounge, Your vBulletin Resource. We'll find the latest news so you can chat about here.
Quote:
IPB 2.1.x Low Risk Security Update

It has come to our attention that a relatively low risk XSS attack can be performed on an administrator in IPB 2.1.x. For this XSS attack to take place, the malicious user must store an avatar on their server that appears to be a legitimate image file but is actually a script that is set to redirect the browser to another location. The administrator must have 'root' access and must load the avatar in the ACP by searching for the member in the ACP's "Search Member" form.

Even though the XSS attack requires a very specific sequence of events, we consider that it's worth performing this security update. The security update is only a single ACP file which removes the user's avatar from displaying in the search results page. IPB 2.2.0, currently nearing release candidate status has increased security in the ACP which means this attack would not be successful.

To update your installation, simply download the attached file and upload the file "sources/action_admin
* IPB Newsmber.php" over the one currently used by your installation.


Thu, 05 Oct 2006 10:05:22 -0500
Post your comments about this story, and other news here.

Reply With Quote
Post New Thread  Reply
The Staff Lounge Navigation - TSL Community Forums Navigation - TSL Bulletin Board News
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPB 2.1.7 Security Update (Low and Medium Risk) IPB News Bulletin Board News 0 10-18-2006 08:23 PM
IPB 2.1.x Security Update (06-06-19) IPB News Bulletin Board News 0 06-21-2006 05:00 PM
[IPB] IPB 2.x.x Security Update (04-25-06) IPB News Bulletin Board News 0 04-26-2006 10:54 AM
[IPB] IPB 2.1.x Security Update (03-08-06) IPB News Bulletin Board News 0 04-22-2006 08:42 AM
[IPB] IPB 2.x.x (30/1/06) Security Update IPB News Bulletin Board News 0 04-22-2006 08:42 AM


Forum Directory - vBulletin News - vBulletin Resources - About vBulletin - Forum Development - Forum Articles - Sitemap
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
Links of Interest
The Staff Lounge - Links of Interest
vB Styles
CinVin vBulletin Styles
vBSkinworks
.premodded
My vBulletin Blog
TalkCamp
Link2Share - Link Directory
Webmasters Domain
The Staff Lounge - Links of Interest
SysChat
Raw Sports Talk
The vBulletin Fans Network
Pay Per Click Forums
Domain Name Portal
vBSEO
Final Fantasy Forums