Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved Is this a real vulnerability?
#1
Not Solved
Hello everybody, I'm concerned about the security of my myBB board because I have found an exploit online for 1.6.2 which is apparently an SQL injection exploit with search.php

Google only yields two results but I was just asking here to see if it really is a vulnerability.
Reply
#2
Not Solved
Please post more information, and contact the admins about this...
<snip - warez>
Reply
#3
Not Solved
The code in question is to do with how MyBB handles 'and' or 'or' in the search box. We've had no reports which indicate how to directly create an SQL injection, just reproduction steps of how to get to the SQL error.

The revelation of the SQL error will be fixed in 1.6.3.
Reply
#4
Not Solved
(04-05-2011, 10:16 PM)Tomm M Wrote:  The code in question is to do with how MyBB handles 'and' or 'or' in the search box. We've had no reports which indicate how to directly create an SQL injection, just reproduction steps of how to get to the SQL error.

The revelation of the SQL error will be fixed in 1.6.3.
Okay. So is it much of a security threat as of now?
Reply
#5
Not Solved
As of now, nope. 1.6.2 is safe until someone can prove that it has a legitimate problem. Smile
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)