[ShakingSpirit]

forums.invisionpower.com said:

It has come to our attention that due to the way some browsers interpret image tags a vulnerability exists which allows a malicious user to perform an XSS attack by forcing an "onerror" event in the snapback tag.

To update your board, simply download the attached ZIP file, unarchive it and upload 'sources/classes/bbcode/class_bbcode_core.php' over the one on your server. If you wish to patch your board manually, please read the second post in this announcement.

The main download has been updated as of the time of this announcement.

http://forums.invisionpower.com/index.php?showtopic=227937&pid=1431980&mode=threaded&show=&st=0#entry1431980

Don't know if you've caught this yet, but could be worth patching before a PoC is produced

[Karl Buckland]

Arse - they didn't make a new announcement about this, they simply added onto a previous one...

Still, it's updated now. Thanks for the heads up ShakingSpirit!

[ShakingSpirit]

Caught me out too, hense why this is 2 days late

I thought that the previous one was pretty silly; why would an administrator, with 'root' access to the db, need to hack their own board?

This post has been edited by ShakingSpirit: 21 October 2006 - 12:05 PM

[marcamos]

ShakingSpirit, on Oct 21 2006, 01:04 PM, said:

Caught me out too, hense why this is 2 days late

I thought that the previous one was pretty silly; why would an administrator, with 'root' access to the db, need to hack their own board?

On a certain Thursday afternoon, when the temperature is between 45 and 47 degrees farenheit, when the sky is grey, and an airplane flies overhead, I can see how it is possible.

[Ben Abrams]

was there not a warning in the admin page of ACP? usually lets you know when there is a critical update.

[Karl Buckland]

benbramz, on Oct 22 2006, 12:51 PM, said:

was there not a warning in the admin page of ACP? usually lets you know when there is a critical update.

Yes, but it was so soon after we updated the forums with new code (and the previous security update), that I assumed I had forgotten to reset the warning - especially considering the security update in question had been edited - a new update wasn't posted.