
static function

Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection

measures due to a bug in a function implementing the "friendly URLs" feature
introduced in version 3.0.0 of the IPB forum.

line | file: admin/sources/base/ipsRegistry.php
1188 | private static function _fUrlInit()
1189 | {
...  |
1195 |     if ( ipsRegistry::$settings['use_friendly_urls'] )
1196 |     {
...  |

Zabbix <= 1.8.1 SQL Injection

user supplied parameters within SQL queries. It is also used during the
authentication in class.cuser.php:

class CUser extends CZBXAPI{
---[cut]---
public static function get($options=array()){
---[cut]---
// users
if(!is_null($options['users'])){
        zbx_value2array($options['users']);
        $sql_parts['where'][] = DBcondition('u.alias', $options['users'],  

XSS Vulnerabilities in Common Shockwave Flash Files

 * To compile:
 *   mtasc -swf Quiz.swf -main -header 10:10:10 Quiz.as
 */

class Quiz {
  static function main(mc) {
    getURL("javascript:someFunction('" + escape(_root.userDefined) + "')");
  }
}

Question

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities

  | Unrestricted File Upload |
  +--------------------------+
  
  The vulnerable code is located in /libraries/filesystem.class.php
  
  3143.     public static function checkFile($name) {
  3144.     if ($GLOBALS['configuration']['file_black_list'] != '') {
  3145.          $blackList = explode(",", $GLOBALS['configuration']['file_black_list']);
  3146.     } else {
  3147.       $blackList = array();
  3148.     }



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
