Is this a real vulnerability?
04-05-2011, 09:50 PM
Post: #1
Not Solved Is this a real vulnerability?
Hello everybody, I'm concerned about the security of my MyBB board because I have found an exploit online for 1.6.2 which is apparently an SQL injection exploit with search.php.

Google only yields two results but I was just asking here to see if it really is a vulnerability.
04-05-2011, 10:10 PM
Post: #2
Not Solved RE: Is this a real vulnerability?
Please post more information, and contact the admins about this...

<snip - warez>
04-05-2011, 10:16 PM
Post: #3
Not Solved RE: Is this a real vulnerability?
The code in question is to do with how MyBB handles 'and' or 'or' in the search box. We've had no reports which indicate how to directly create an SQL injection, just reproduction steps of how to get to the SQL error.

The revelation of the SQL error will be fixed in 1.6.3.
04-05-2011, 10:17 PM
Post: #4
Not Solved RE: Is this a real vulnerability?
(04-05-2011 10:16 PM)Tomm M Wrote:  The code in question is to do with how MyBB handles 'and' or 'or' in the search box. We've had no reports which indicate how to directly create an SQL injection, just reproduction steps of how to get to the SQL error.

The revelation of the SQL error will be fixed in 1.6.3.
Okay. So is it much of a security threat as of now?
04-05-2011, 10:23 PM
Post: #5
Not Solved RE: Is this a real vulnerability?
As of now, nope. 1.6.2 is safe until someone can prove that it has a legitimate problem. :)