Monday, December 27, 2010

Invision Power Board 3.0.5 Nulled

This is a maintenance release for IP.Board 3 and addresses various bugs, security enhancements, and performance improvements.

Acronis True Image 2011 Family Pack banner 250x250

Major Changes Since 3.0.4
Among many dozens of smaller bugs fixed and performance improvements, the following security enhancements were made:

* SQL and local file include issue fixed. Note: Due to protection within the SQL driver classes, it is very difficult to effectively exploit IP.Board using this attack. Also you need moderator permissions to perform any exploit. We've hardened this code regardless. Also, due to the input cleaning functions IP.Board uses, the local file include is limited to PHP files on the file system as the usual 'null byte' trick is ineffective.
* Internet Explorer XSS Issue due to incorrect attachment handling fixed.

Security Fix 305xss_march10
It has come to our attention that there is a possible XSS exploit present in both IP.Board 2.3.6 and 3.0.x. This vulnerability allows the attacker to insert CSS or javascript into certain BBCodes that is executed when a user displays the page.

Please download the relevant zip for your IP.Board. Expand the zip file and upload the file over the copy on your server. No other action is required.

Deposit Files:

No comments:

Post a Comment