Current time: 06-19-2013, 11:58 AM Hello There, Guest! (LoginRegister)

MyBB Community Forums / Community Archive / Archived Forums / Old Announcements v / MyBB 1.03 Released - Security Update

MyBB 1.03 Released - Security Update
01-31-2006, 10:38 AM (This post was last modified: 01-31-2006 09:11 PM by Chris Boulton.)
Post: #1
Chris Boulton Offline
Product Manager
Management Team 		Posts: 4,956
Joined: Jun 2004
Reputation: 62
MyBB 1.03 Released - Security Update
As some of you saw, when these forums were attacked, there has been the discovery of another serious security exploit in MyBB.

Soon after the boards were exploited, backups of the forum were restored and the discovery process began. Due to access logs being completely useless (Corrupt), I took to the code and found the potential vulnerability the attacker exploited.

Available immediately, we're announcing a security update for MyBB dubbed MyBB 1.03. This exploit affects ALL COPIES OF MYBB including previous versions. We recommend everybody update their board as soon as possible.

The update fixes the found SQL injection vulnerability (Critical) as well as several other medium priority vulnerabilities recently discovered. (Due to be released tomorrow anyway)

Affected files:
  • global.php
  • search.php
  • usercp.php
  • inc/functions.php (Version number change)

Updating Your Board
Please check your Admin CP to determine which MyBB version you are currently using.

If you are running MyBB 1.02
  • Download the files in the attachment below and upload them to your forum.
You do NOT need to run the upgrade scripts.

Any previous versions
  • Download the latest copy of MyBB from the MyBB website.
  • Proceed with an upgrade as you usually would.
If you are running MyBB 1.01, or MyBB 1.0 then you do not need to run any upgrade scripts.

MyBB Group


Attached File(s)
.zip  mybb_103_changed_files.zip (Size: 33.47 KB / Downloads: 1263)
Chris Boulton
Twitter | Blog
Visit this user's website Find all posts by this user
01-31-2006, 10:40 AM (This post was last modified: 02-05-2006 03:07 AM by Dennis Tsang.)
Post: #2
Chris Boulton Offline
Product Manager
Management Team 		Posts: 4,956
Joined: Jun 2004
Reputation: 62
RE: MyBB 1.03 Released - Security Update
Manual Patching Instructions

Please follow the instructions attached to this post if you wish to manually apply this update to your forums.


Attached File(s)
.txt  mybb_103_manual_patch.txt (Size: 1.01 KB / Downloads: 990)
Chris Boulton
Twitter | Blog
Visit this user's website Find all posts by this user
01-31-2006, 10:56 AM
Post: #3
Chris Boulton Offline
Product Manager
Management Team 		Posts: 4,956
Joined: Jun 2004
Reputation: 62
RE: MyBB 1.03 Released - Security Update
The discussion thread for this announcement is here: http://community.mybboard.net/showthread.php?tid=6419
Chris Boulton
Twitter | Blog
Visit this user's website Find all posts by this user
01-31-2006, 11:10 AM
Post: #4
Chris Boulton Offline
Product Manager
Management Team 		Posts: 4,956
Joined: Jun 2004
Reputation: 62
RE: MyBB 1.03 Released - Security Update
Attacker Details
We've also decided to release the details of the attacker who performed the SQL injection exploit here. This information is provided so that you can take the necessary steps to ban this user from accessing your forums.

Username: dedo (They previously registered here)
Email Address: [email protected]
IP Address: 88.152.35.15
Chris Boulton
Twitter | Blog
Visit this user's website Find all posts by this user
01-31-2006, 02:42 PM
Post: #5
Peter Offline
Used to be Devel0per
*****
Former Contributors 		Posts: 764
Joined: Aug 2004
Reputation: 4
RE: MyBB 1.03 Released - Security Update
To fix the issue whereby searching no longer worked after updating to 1.03, see this post:
http://community.mybboard.net/showthread...1#pid38921
Peter Akkies
Visit this user's website Find all posts by this user


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication