Hi
You can copy and paste this code for all users, and the user is converted to admin:
usercp.php?action=do_options&showcodebuttons=1',additionalgroups='4
To amend this, you should copy this code into the first line of the file usercp.php:
if (strstr($_GET['showcodebuttons'],",") ) die("Sorry");
I do believe this bug was fixed in 1.1.5.
I can confirm this in a version that isn't running 1.1.5, but as Ryan said this has been fixed in 1.1.5.
ahmad Wrote:
if (strstr($_GET['showcodebuttons'],",") ) die("Sorry");
And I send the form as POST. Game over.
As people said, this is an old exploit, which was fixed in 1.1.4 btw.
I did a similar thing on my board, wrote a plugin that hooks into global_start and redirects all losers with known outdated exploits to disgusting sites like lemonparty. And keeps a counter of redirects served in the stats page.
Yes, that was already fixed in 1.1.4, not 1.1.5.
Quote:
--------------
1. usercp.php
--------------
Find:
--
if($mybb->input['showcodebuttons'] != 1)
{
$mybb->input['showcodebuttons'] = 0;
}
--
Replace with:
--
if($mybb->input['showcodebuttons'] != '1')
{
$mybb->input['showcodebuttons'] = 0;
}
--
regards
ahmad6 Wrote:
To amend this, you should copy this code into the first line of the file usercp.php
if (strstr($_GET['showcodebuttons'],",") ) die("Sorry");
Oh! That's good that you are not in Chris's shoes.
Your solution is evadable with a multibyte exploit. Also, security-level problems need a basic solution, not one as primary as yours.
Just a /* can update everyone's settings! Also, another DB provider may have serious problems. And and and.
I offer Chris's solution, but it is better to intval the show code value entry!
bests
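
The checks argued over in this thread, side by side, as an added example that is not MyBB's code or any poster's: it runs the value from the first post through the GET-only comma check, the earlier loose comparison, the string comparison from the quoted fix, and the intval approach from the last post. The `build_sql` template, the merged GET/POST array and the `(int)` cast standing in for how PHP before 8.0 compared a string with an integer are assumptions.

```php
<?php
// Added example with constructed inputs; none of this is MyBB source code.
$payload = "1',additionalgroups='4";   // value from the first post

// ahmad's check: looks at $_GET only, so a POSTed value is never inspected.
function check_get_comma(array $get, array $post): string {
    if (strstr($get['showcodebuttons'] ?? '', ',')) {
        return 'blocked';
    }
    // Assumption: GET and POST are merged into one input array afterwards.
    return (string)(($post + $get)['showcodebuttons'] ?? '0');
}

// Check before the fix. PHP older than 8.0 compared string-vs-int numerically,
// so any string starting with "1" equalled 1; the cast reproduces that here.
function check_loose(string $v): string {
    return ((int)$v != 1) ? '0' : $v;
}

// Check from the quoted fix: both operands are strings.
function check_string(string $v): string {
    return ($v != '1') ? '0' : $v;
}

// intval() approach from the last post: the result can only be 0 or 1.
function check_intval(string $v): int {
    return intval($v) === 1 ? 1 : 0;
}

// Hypothetical query template, only to show where the value ends up.
function build_sql(string $v): string {
    return "UPDATE users SET showcodebuttons='$v' WHERE uid='2'";
}

$results = [
    'GET-only comma check, sent as GET'  => check_get_comma(['showcodebuttons' => $payload], []),
    'GET-only comma check, sent as POST' => check_get_comma([], ['showcodebuttons' => $payload]),
    'loose != 1'                         => check_loose($payload),
    "string != '1'"                      => check_string($payload),
    "string != '1' with input 1.0"       => check_string('1.0'),
    'intval'                             => (string)check_intval($payload),
];
foreach ($results as $label => $value) {
    echo str_pad($label, 38), $value === 'blocked' ? 'request rejected' : build_sql($value), "\n";
}
```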