Bugtraq mailing list archives

Re: Another YabbSE SQL Injection

From: Mike Bobbitt <mike () army ca>
Date: 16 Feb 2004 21:05:18 -0000

In-Reply-To: <002a01c3f4c3$d6eecc40$381e5a0a@desanet69>

Correction... the code change needs to be as follows:

Find:

 $quotemsg = $quote;

Change to:

 if ( $quote && !is_numeric($quote) )
 {
    die('Go out C==|=======>');
 }

 $quotemsg = $quote;

----

Otherwise you won't be able to use the standard reply button.

Cheers and thanks for the info.

Current thread:

Another YabbSE SQL Injection backspace (Feb 16)
- <Possible follow-ups>
- Re: Another YabbSE SQL Injection Mike Bobbitt (Feb 16)