MyBB Community Forums

Full Version: MyBB RC4 Security Update [16/08/05]
MyBB RC4 Security Update

[Note: Please make sure you've installed the security updates announced prior to this one as well, found here: http://community.mybboard.net/showthread.php?tid=3350 ]

There has been another serious security issue found in MyBB RC4 and all previous versions.

This security issue could allow your board to be compromised via an SQL injection-based vulnerability.

This exploit differs from the previous one as it affects all running copies of MyBB RC4, and although it hasn't been publicly released, there are several users already "hell bent" on destroying other people's boards. For this reason we urge you to upgrade ASAP.

Please notify any people you know running MyBB and alert them to this security update as well as the other MyBB security update released on 14/08/05.

We'll be sending out a mass email to notify users of this security update.

Patching Your Board
To patch your board, upload the attached search.php to your forums directory, overwriting the existing one.

You can also follow the manual patching instructions below.

Manual Patching Instructions

./search.php

Find:
--
$sid = intval($sid);
--

Under it Add:
--
$uid = intval($uid);
--

At the moment we're madly rushing to get MyBB 1.0 completed and released as 1.0 does not suffer from any of the released exploits and has been hardened in terms of data input handling and validation.

The release on the MyBB website has also been updated.

We thank you for your continued support.
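The manual patching steps above can be applied and re-checked with a small script. This is an added example, not MyBB's own code: the function name `patch_search_php`, the status strings and the sample file content are assumptions made for illustration; only the two PHP lines come from the announcement.

```python
import re

FIND = "$sid = intval($sid);"  # anchor line quoted in the announcement
ADD = "$uid = intval($uid);"   # line the announcement says to add under it

def _norm(line: str) -> str:
    """Drop all whitespace so spacing differences do not hide a match."""
    return re.sub(r"\s+", "", line)

def patch_search_php(source: str):
    """Return (text, status): 'patched', 'already-patched' or 'anchor-missing'."""
    lines = source.splitlines(keepends=True)
    anchor = next((i for i, l in enumerate(lines) if _norm(l) == _norm(FIND)), None)
    if anchor is None:
        # Unexpected file contents: change nothing and let the admin inspect it.
        return source, "anchor-missing"
    # The fix counts as present when the next non-blank line is the added cast.
    following = next((l for l in lines[anchor + 1:] if l.strip()), "")
    if _norm(following) == _norm(ADD):
        return source, "already-patched"
    found = lines[anchor]
    body = found.rstrip("\r\n")
    eol = found[len(body):] or "\n"                  # keep LF or CRLF as found
    indent = body[:len(body) - len(body.lstrip())]   # keep the file's indentation
    lines[anchor] = body + eol
    lines.insert(anchor + 1, indent + ADD + eol)
    return "".join(lines), "patched"

# Constructed stand-in for the relevant part of search.php (not the real file).
SAMPLE = (
    "<?php\n"
    "\t$sid = intval($sid);\n"
    "\t// ... rest of search.php ...\n"
)

if __name__ == "__main__":
    text, status = patch_search_php(SAMPLE)
    print(status)
    print(text)
```

Running it a second time on its own output reports `already-patched` and leaves the text unchanged, so it is safe to use as a check across several boards.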