MyBB Tutorials
MyBB Security Tutorial and Guidelines
Submitted by Blowjob, 23-01-2015, 07:21 AM, Thread ID: 631
Thread Closed
RE: MyBB Security Tutorial and Guidelines
For the 1.6 users out there, here is something you can patch (if you wanna :rly
;
Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=
Error:
Edit search.php
And find the code
Replace it with
Now save it.
Source: http://packetstormsecurity.com/files/125...ction.html
;Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=
Error:
Code:
Warning [2] mysqli_real_escape_string() expects parameter 2 to be string,
array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19
-1~dotdeb.1 (Linux)Edit search.php
And find the code
PHP Code:
$sid = $db->escape_string($mybb->input['sid']);
Replace it with
PHP Code:
if(is_array($mybb->input['sid']))
$sid = $db->escape_string(implode($mybb->input['sid']));
else
$sid = $db->escape_string($mybb->input['sid']);
Now save it.
Source: http://packetstormsecurity.com/files/125...ction.html
Users browsing this thread: 1 Guest(s)