Amir reported SQL-injection in 1.6.8

[fgeek]

Hello,

I noticed security vulnerability report in mailing list: http://seclists.org/bugtraq/2012/Jun/29

I tried to verify this without success (usual scenario with Amir). Could someone verify this is not valid issue?

[Tomm M]

This is not a valid issue. warning_level is not a valid action within member.php.

[fgeek]

Thank you fast response.

[s3ri0s]

i have a question.
did anyone reports bugs from mybb a few days ago?
mr fgeek published one of them and i want to publish another one.
im not sure, please check http://packetstormsecurity.org/files/113...ction.html and tell me is this a bug? or not?

[Nathan Malcolm]

Again, it's an invalid report. It's a vulnerability within a plugin not within MyBB.

[s3ri0s]

What plugin is this bug?

I have a site for a demo http://www.mihanhack.com/forums/member.p...file&uid=9 '

The full explanation is unraveling, ohh Please do harm Dhdyd

[Nathan Malcolm]

I believe it's this plugin: http://mybbsource.com/thread-3991.html

[s3ri0s]

Are you sure this is really an inconvenience unraveling, ohh?

This is because I http://www.mihanhack.com/forums/member.p...file&uid=9 '

And until now has not been hacked and someone has released a bug that wants to hurt us.

I did not bug me, bug Czech officer may explain the better you get

[Tomm M]

These vulnerabilities do not affect 1.6.8, unless you have those plugins installed.

[Tim B.]

(06-09-2012 04:56 AM)s3ri0s Wrote:  This is because I http://www.mihanhack.com/forums/member.p...file&uid=9 '

If you look at the SQL error that spits out:

Code:

SELECT * FROM mybb_adv_ratings WHERE fuid='9'' AND uid='0'

It should be immediately obvious that mybb_adv_ratings is not a default MyBB table.

I already contacted the author of the Advanced Profile plugin via PM on MyBB source, but seeing as it's not hosted on the mods site we can't take it down. I'm also not sure if the vulnerability is in the latest version of the plugin.