MyBB Tutorials MyBB Security Tutorial and Guidelines Submitted by Blowjob, 23-01-2015, 07:21 AM, Thread ID: 631 Thread Closed Reply 1 2 RE: MyBB Security Tutorial and Guidelines OP 03-02-2015, 01:59 AM #11 03-02-2015, 01:46 AMmaloon Wrote: Does SMF have a large plugin/theme repository? Mostly using it for a minecraft server, so just something pretty looking and easy to use works for me. I dont know as i dont use it More RE: MyBB Security Tutorial and Guidelines 03-02-2015, 02:46 AM #12 Very helpful guide, thanks man More RE: MyBB Security Tutorial and Guidelines OP 03-02-2015, 02:52 AM #13 03-02-2015, 02:46 AMFalsey Wrote: Very helpful guide, thanks man fucking leecher :rly: More 1 theezy. RE: MyBB Security Tutorial and Guidelines 15-02-2015, 05:01 AM #14 Great tut there. I actually learned something new. More RE: MyBB Security Tutorial and Guidelines 17-02-2015, 09:29 PM This post was last modified: 17-02-2015, 09:30 PM by Akay #15 For the 1.6 users out there, here is something you can patch (if you wanna :rly; Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= Error: Code:Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19 -1~dotdeb.1 (Linux) Edit search.php And find the code PHP Code:$sid = $db->escape_string($mybb->input['sid']); Replace it with PHP Code:if(is_array($mybb->input['sid'])) $sid = $db->escape_string(implode($mybb->input['sid'])); else $sid = $db->escape_string($mybb->input['sid']); Now save it. Source: http://packetstormsecurity.com/files/125...ction.html More RE: MyBB Security Tutorial and Guidelines 18-02-2015, 12:43 PM #16 17-02-2015, 09:29 PMKewl Wrote: For the 1.6 users out there, here is something you can patch (if you wanna :rly; Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= Error: Code:Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19 -1~dotdeb.1 (Linux) Edit search.php And find the code PHP Code:$sid = $db->escape_string($mybb->input['sid']); Replace it with PHP Code:if(is_array($mybb->input['sid'])) $sid = $db->escape_string(implode($mybb->input['sid'])); else $sid = $db->escape_string($mybb->input['sid']); Now save it. Source: http://packetstormsecurity.com/files/125...ction.html This is fixed already in the newer versions (1.6.3+), right? http://blog.mybb.com/2011/04/17/mybb-1-6...ty-update/ More RE: MyBB Security Tutorial and Guidelines 18-02-2015, 10:33 PM #17 18-02-2015, 12:43 PMCoxetamine Wrote: 17-02-2015, 09:29 PMKewl Wrote: For the 1.6 users out there, here is something you can patch (if you wanna :rly; Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= Error: Code:Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19 -1~dotdeb.1 (Linux) Edit search.php And find the code PHP Code:$sid = $db->escape_string($mybb->input['sid']); Replace it with PHP Code:if(is_array($mybb->input['sid'])) $sid = $db->escape_string(implode($mybb->input['sid'])); else $sid = $db->escape_string($mybb->input['sid']); Now save it. Source: http://packetstormsecurity.com/files/125...ction.html This is fixed already in the newer versions (1.6.3+), right? http://blog.mybb.com/2011/04/17/mybb-1-6...ty-update/ It even exist on 1.6.16 version, so nope. More 1 2
RE: MyBB Security Tutorial and Guidelines OP 03-02-2015, 01:59 AM #11 03-02-2015, 01:46 AMmaloon Wrote: Does SMF have a large plugin/theme repository? Mostly using it for a minecraft server, so just something pretty looking and easy to use works for me. I dont know as i dont use it More
RE: MyBB Security Tutorial and Guidelines 03-02-2015, 02:46 AM #12 Very helpful guide, thanks man More
RE: MyBB Security Tutorial and Guidelines OP 03-02-2015, 02:52 AM #13 03-02-2015, 02:46 AMFalsey Wrote: Very helpful guide, thanks man fucking leecher :rly: More 1 theezy.
RE: MyBB Security Tutorial and Guidelines 15-02-2015, 05:01 AM #14 Great tut there. I actually learned something new. More
RE: MyBB Security Tutorial and Guidelines 17-02-2015, 09:29 PM This post was last modified: 17-02-2015, 09:30 PM by Akay #15 For the 1.6 users out there, here is something you can patch (if you wanna :rly; Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= Error: Code:Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19 -1~dotdeb.1 (Linux) Edit search.php And find the code PHP Code:$sid = $db->escape_string($mybb->input['sid']); Replace it with PHP Code:if(is_array($mybb->input['sid'])) $sid = $db->escape_string(implode($mybb->input['sid'])); else $sid = $db->escape_string($mybb->input['sid']); Now save it. Source: http://packetstormsecurity.com/files/125...ction.html More
RE: MyBB Security Tutorial and Guidelines 18-02-2015, 12:43 PM #16 17-02-2015, 09:29 PMKewl Wrote: For the 1.6 users out there, here is something you can patch (if you wanna :rly; Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= Error: Code:Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19 -1~dotdeb.1 (Linux) Edit search.php And find the code PHP Code:$sid = $db->escape_string($mybb->input['sid']); Replace it with PHP Code:if(is_array($mybb->input['sid'])) $sid = $db->escape_string(implode($mybb->input['sid'])); else $sid = $db->escape_string($mybb->input['sid']); Now save it. Source: http://packetstormsecurity.com/files/125...ction.html This is fixed already in the newer versions (1.6.3+), right? http://blog.mybb.com/2011/04/17/mybb-1-6...ty-update/ More
RE: MyBB Security Tutorial and Guidelines 18-02-2015, 10:33 PM #17 18-02-2015, 12:43 PMCoxetamine Wrote: 17-02-2015, 09:29 PMKewl Wrote: For the 1.6 users out there, here is something you can patch (if you wanna :rly; Vuln: /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= Error: Code:Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19 -1~dotdeb.1 (Linux) Edit search.php And find the code PHP Code:$sid = $db->escape_string($mybb->input['sid']); Replace it with PHP Code:if(is_array($mybb->input['sid'])) $sid = $db->escape_string(implode($mybb->input['sid'])); else $sid = $db->escape_string($mybb->input['sid']); Now save it. Source: http://packetstormsecurity.com/files/125...ction.html This is fixed already in the newer versions (1.6.3+), right? http://blog.mybb.com/2011/04/17/mybb-1-6...ty-update/ It even exist on 1.6.16 version, so nope. More