MyBB

Imad Jomaa · (This post was last modified: 11-08-2008 05:59 AM by Imad Jomaa.)

If you enter this code as the title of a private message, fill in the rest of the information and click send, you'll get a blank page:

Code:

"1or"1="1/><marquee>

The same goes for logging in, searching for users using the member list search engine, and posting new threads.

Can anyone recreate? Make sure you use the exact code I posted when trying to recreate it, otherwise you'll get something different.

Yumi · 11-08-2008, 06:13 AM

I can't seem to reproduce on localhost, but it has that issue here (probably something related to the filtering system here).
Can you reproduce this on your own server/setups?

destroyer · 11-08-2008, 03:01 PM

Confirmed...

Imad Jomaa · (This post was last modified: 11-08-2008 04:59 PM by Imad Jomaa.)

I was able to recreate a few times. However, I can't seem to reproduce it on my servers anymore. Furthermore. I conclude it's a problem with this site here.

Ryan Gordon · (This post was last modified: 11-08-2008 08:48 PM by Ryan Gordon.)

Intrusion Detection System for the win. Do it enough times and it'll kick ur a$$ Wink

Imad Jomaa · 11-08-2008, 09:12 PM

Haha.