Current time: 04-17-2014, 12:56 PM Hello There, Guest! (LoginRegister)


MyBB 1.2.4 Released - Important Security Update
04-03-2007, 11:47 PM (This post was last modified: 04-05-2007 02:04 PM by Chris Boulton.)
Post: #1
MyBB 1.2.4 Released - Important Security Update
MyBB 1.2.4 is a security update to the MyBB 1.2 series. It fixes a HIGH risk vulnerability recently discovered and reported in MyBB. We recommend everybody upgrades to this release as soon as possible or patches their boards with the manual patching instructions below.

We recommend all users upgrade their copy of MyBB to the latest available release.

This vulnerability allows a hacker to remotely gain access to your forums via a valid administrative session and have the ability to upload remote/backdoor files to your forums.

Immediately we're releasing a new version of MyBB which patches this exploit (MyBB 1.2.4). MyBB 1.1.8 is not affected.

MyBB 1.2.4 fixes this security vulnerability and nothing more: We're not quite ready to release a bug fix update at this time.

As a security precaution we also recommend that all users scan their uploads and uploads/avatars/ directories for files ending in .php - if there are any files of that type, delete them.

You can also use the vulnerability scanner at the bottom of this thread to scan your forums.

MyBB 1.2.3 to MyBB 1.2.4 Patch
This patch is only for users running MyBB 1.2.3. If you are running any other version of the MyBB 1.2 series then please download MyBB 1.2.4 from the MyBB site and update to it.

Please download the attached ZIP archive of inc/functions.php and inc/class_core.php and replace the files in your inc/ directory with the versions from the ZIP archive.

If you wish to manually patch your board please download "mybb_123_sql_fix.txt" and follow the instructions in that file.


Attached File(s)
.txt  mybb_123_sql_fix.txt (Size: 1.58 KB / Downloads: 997)
.zip  mybb_124_changed_files.zip (Size: 25.6 KB / Downloads: 2716)
Visit this user's website Find all posts by this user
04-03-2007, 11:48 PM
Post: #2
RE: MyBB 1.2.4 Released - Important Security Update
Discuss this Announcement
Visit this user's website Find all posts by this user
04-04-2007, 12:12 AM
Post: #3
RE: MyBB 1.2.4 Released - Important Security Update
How can I tell if I've been exploited?
Attached is "123_vuln_scanner.php" which will scan your uploads and language directories in an attempt to see if your forums have been exploited by this vulnerability and the backdoor exists.

Please upload it to your forums directory and call it in your browser.

An example, http://community.mybboard.net/123_vuln_scanner.php (with faked results)


Attached File(s)
.php  123_vuln_scanner.php (Size: 1.23 KB / Downloads: 1159)
Visit this user's website Find all posts by this user


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication