20 replies to this topic

[Hydrogen]

Hello everyone.

I just patched the board with the security update recently released at IPS. This security fix fixes some exploits that have been brought up . Here is the official post:

This post outlines the steps required to update your IPB 2.0.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.6 since the time of this post, there is no need to update your installation as the main download has been updated.

It has come to our attention that Invision Power Board 2.0.x and Invision Power Board 2.1.x contains two areas where malicious code could be executed. One area requires moderator access and other other requires a carefully crafted POST or GET request. Even though we've not been successful in expoiting IPB 2.1.6 using these methods in our own trials, we felt it best to strengthen security in these areas.

This discovery is based on research from Gulftech.org, a leading security company, and as such has not had full public disclosure.

This security update has a full version number of: 21012.60516.s.
Please read our KB article on how to locate your full version number.

Enjoy .

If you find any problems, please let me know and i will try to fix them immediately .

[Freddy]

Hydro is always on it.

I think Cata was telling me something about this how he got through and told some admin at codex or something like that. Anyways, nice work Hydrogen, keep us safe.

[X23X]

Wtf is cata doing to know abou that come on bow nice find though your right hydros always on it

[Silk]

Yaaay! Nice one Hydro!

[travis]

Hmph, too bad that search exploit is still there.

Edited by Travis, 17 May 2006 - 02:05 PM.

[Cory]

There where two post about it from cata. I guess I am glad to see it get fixed, even though I dont have a clue what it was about. I think I read that it had something to do with the search function. I dont know though.

Good job invision / hyrdo / cata.

[Krnsaber]

Invisions always updating

[pyke]

Spiffeh. The more, the merrier xD

[Harley]

ooooOOooOOoOOoOOOOOO a bug. Big bird will eat it.

[redlion]

Invisions always updating

Would you rather they didn't?

Personally I'm glad we use invision and not some shitty, super exploitable board. Yay for IPB!

[Harley]

Yah for IPB! Big bird gulps redlion.

[Mr. Hobo]

Hmph, too bad that search exploit is <b>still there</b>.

Why didn't it bold your text? o.0

Good job Hydro.

[Harley]

Why didn't it bold your text? o.0

Good job Hydro.

Cus thats html guv'

Bbcode is the way to go!

Even big bird knew that.

[travis]

I used html and not bbcode:p

[Cataliste]

Everyone, please do not be confused. The exploit I found is still working. IPB has not seen fit to patch it yet. I am going to submit a formal bug report tomorrow since today is my birthday. Gonna drink Bicardi like it's my birthday! (Cuz it is)

[Harley]

Oooo my birthdays is in twop days. Happy birthday ctalistisiei!1

[Raui]

awesome going there dro you seem to always be ontop of these security bugs

[ShadowLink64]

Good job Hydro; didn't even notice there was a fix available.

[Hydrogen]

Good job Hydro; didn't even notice there was a fix available.

i subscribe to their rss

[Harley]

-Big bird hits hydrogen and drags his body into the closet-