MyBB Community Forums

Full Version: 1.6.4 Security Vulnerability
Just wondering... what exploit does this allow? It seems such a small change.
(2011-10-13, 11:08 PM)MarkW7 Wrote: Just wondering... what exploit does this allow? It seems such a small change.

Ability to modify just about anything by executing arbitrary code in the index.php file.
(2011-10-13, 10:24 PM)JaysonL Wrote: Quite strange to see an exploit already.

I don't understand why you would think that. No project is 100% bug free. Bugs and exploits are always there. They just need to be found.

Important
The bot is just adding a small script to all index.php and showthread.php files after the closing PHP tag (that's "?>")... Be aware and search all index.php files to remove the suspicious script (I mean all index.php files on the server, even if they have no relation to MyBB files).

I hope they used shell access to edit this..!
OK, I have cleansed no fewer than 6 installations of MyBB by re-uploading all the compromised files for each one, and a file verification for all 6 now comes up clean. So that looks good.

However, I notice that on each installation the config.php was modified at the same time as the other (now cleansed) files. This leads to 2 questions:

1) If the config.php has indeed been modified as the time/date on the file suggests, why doesn't it show as changed in the file verification? I'm guessing it's because the config.php is unique to each mybb and can't be verified?

2) As there is no config.php in the newly available mybb download, what is the correct procedure for replacing the compromised config.php in order to eliminate the apparently altered code?
1) Exactly, it is different on all installations.
2) It must look like this: http://wiki.mybb.com/index.php/Inc/config.php
Thank you StefanT.

I've now found the code which was added to my config.php files and have removed it, so hopefully I am 100% clean.
I guess that there is still some wrong code on our forums.

I already mentioned it yesterday: when I delete the spam postings in the Moderator CP, I read that I accepted these postings. They are deleted, but I want the forum to show that the postings are deleted.

Which files depend on the Moderation CP?

Do we perhaps still have another security hole somewhere on the forum? Because I have now had to delete about 30 spam postings from this morning until now. I run these plugins against spam:

Akismet (1.2.1)
Bad Behavior (1.0.0)
Fassim Anti Spam (1.21)
Goodbye Spammer (1.0)
Stop forum spam (1.2)

Thanks in advance for every answer.
Reverted all files reported, applied the "Patches Plugin" again (MyBB Google SEO).

Thanks, MyBB Group.
I want to emphasize that everyone needs to check config.php. It's not verified by file verification and I found some pretty malicious/dangerous code in mine.