MyBB Community Forums

Full Version: 1.6.4 Security Vulnerability
(2011-10-13, 12:25 PM)RocketFoot Wrote: [ -> ]I am running 1.6.4 and my index.php file seems to be updated already? Is this possible?

The vulnerability does not affect everyone. It depends entirely on the type of environment your forum runs on and it may not exist. If you follow the blog post and can't find it, you'll be fine. :)
OK, cool! Thanks!
Now I have got our changed files but I didn't compare them to the good ones yet; I must leave my home now for a little while. I am using Dark Grey Theme and the German language files.

Is any one of the experts here on the forum interested in the changed files? I zipped them and will then give you the link. I won't make it public on the forum, sorry.
I'd like to see the files, so PM me the link please.
eval("\$loginform = \"".$templates->get("index_loginform")."\";".@$col[23]);

You mean those who have this code in their index are vulnerable?

My index doesn't have .@$col[23]. So I don't need to change anything?
(2011-10-13, 03:55 PM)sunjava1 Wrote: [ -> ]
eval("\$loginform = \"".$templates->get("index_loginform")."\";".@$col[23]);

You mean those who have this code in their index are vulnerable?

My index doesn't have .@$col[23]. So I don't need to change anything?


You shouldn't have to, but since the bad code can edit other files, you should run a file verification in case the bad code changed something else and then put index.php back to normal.
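An added example, not part of the thread and not MyBB code: a Python check that flags a template eval with anything concatenated after the closing `\";`, which is what the `.@$col[23]` line quoted above does. The clean form of the line is assumed to be the quoted statement without the appended expression; the function and sample names are hypothetical.

```python
import re
import sys

# Template eval as quoted in the thread: eval("\$var = \"".$templates->get("tpl")."\";" <tail> );
# An unmodified line is assumed to have nothing between the closing "\";" and ");".
TEMPLATE_EVAL = re.compile(
    r'eval\(\s*"\\\$(?P<var>\w+)\s*=\s*\\""\s*\.\s*'
    r'\$templates->get\((?P<args>[^)]*)\)\s*\.\s*'
    r'"\\";"(?P<tail>.*?)\)\s*;'
)

# Constructed samples: the tampered line is the one posted in the thread,
# the clean line is the same statement without the appended expression.
SAMPLE_CLEAN = r'''<?php
eval("\$loginform = \"".$templates->get("index_loginform")."\";");
eval("\$index = \"".$templates->get("index")."\";");
'''
SAMPLE_TAMPERED = r'''<?php
eval("\$loginform = \"".$templates->get("index_loginform")."\";".@$col[23]);
eval("\$index = \"".$templates->get("index")."\";");
'''

def audit_php(source):
    """Return (evals_checked, findings); a finding is (line_no, template, appended_code)."""
    checked, findings = 0, []
    for line_no, line in enumerate(source.splitlines(), 1):
        for m in TEMPLATE_EVAL.finditer(line):
            checked += 1
            tail = m.group("tail").strip()
            if tail:  # something is concatenated onto the eval'd string
                template = m.group("args").split(",")[0].strip(" \"'")
                findings.append((line_no, template, tail))
    return checked, findings

def report(name, source):
    checked, findings = audit_php(source)
    # checked == 0 means the pattern never matched, which is not the same as "clean".
    print(f"{name}: {checked} template eval(s) checked, {len(findings)} flagged")
    for line_no, template, tail in findings:
        print(f"  line {line_no}: template {template!r} eval has appended code: {tail}")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                report(path, fh.read())
    else:
        report("SAMPLE_CLEAN", SAMPLE_CLEAN)
        report("SAMPLE_TAMPERED", SAMPLE_TAMPERED)
```

A result with nothing flagged only covers this one pattern in the files scanned; it does not replace the file verification recommended above.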
:p I'd deleted the install directory after I installed MyBB 1.6.4. Now file verification is reporting these files as missing (those which are part of the install directory).

Now, what do I do?
(2011-10-13, 04:14 PM)sunjava1 Wrote: [ -> ]:p I'd deleted the install directory after I installed MyBB 1.6.4. Now file verification is reporting these files as missing (those which are part of the install directory).

Now, what do I do?

Ignore it ;)
One more issue: while checking templates, it is showing an error in calendar. I've replaced it with the new one, but I'm still having the same error (ACP >> tools and maintenance >> template chk).
Done. There was one issue: at the end of the calendar template there was a question mark " ? "
which was not visible in the editor, so I copied the calendar template into Notepad++ and found the question mark at the end, similar to this:

 
</html> ?

Any clues why the question mark was not visible in the template editor?
Simple typo during an edit, perhaps? A ? outside the closing html tag should not do anything. Does the ACP show calendar as modified?