MyBB Community Forums

Full Version: security issue
First of all, I'm not trying to change MyBB's reputation or claim that you've got some vulnerabilities in your script. I'm just trying to be safe. A couple of days ago I shut down my forum because I found a lot of vulnerabilities. I checked my plugins and removed 2 of them, mobile and social, and then half of the vulnerabilities were gone. Now I've got about 7 SQLi, cookie injection vulnerabilities.
I was wondering if MyBB security can explain these vulnerabilities and maybe help me fix them.
Here is a photo of scanning my forum before removing the plugins:
http://www3.picturepush.com/photo/a/8768...768881.png
And after removing the plugins:
http://www5.picturepush.com/photo/a/8772...772538.png
I found these 2 links on the web; maybe you can explain:
http://www.securityfocus.com/bid/27322/exploit
http://www.securityfocus.com/bid/13827/exploit
Note:
I'm not trying to fight, just want to stay safe, mates.
Any help will be appreciated.
Regards,
illusion
The two security issues are for MyBB 1.2. We are now on MyBB 1.6.
Hmm, I've got 1.6,
and everything is up to date.
Do you know why I'm getting these vulnerabilities when I scan?
Can you post a way to fix them?
Like when the vulnerabilities were there on 1.2, how MyBB security handled it
and how they fixed it...
Regards,
illusion
There are (so far) no known vulnerabilities in the current version. You are secure.
(2012-07-20, 02:08 AM)Jitendra M Wrote: There are (so far) no known vulnerabilities in the current version. You are secure.

May I know why I'm getting these vulnerabilities if it's secured? :/
I've got a lot of enemies, and most of them are from hacking sites, mate.
I really need to fix these vulnerabilities...
Regards,
illusion
Probably your plugins; try posting a list here.
(2012-07-20, 03:09 AM)Omar G. Wrote: Probably your plugins; try posting a list here.
Hmm, OK mate, I will remove all the plugins and give some feedback.
Hold on, give me 10 min.
Regards,
illusion
Edit:
All plugins removed and I still get 4 vulnerabilities.
Any help? Any thoughts? Any solutions?
http://www3.picturepush.com/photo/a/8772...772756.png
Anything would be appreciated.
Regards,
illusion
Tools such as the one you used return false positives most of the time. There are no known threats to date, and those external reports you linked to are both for older versions of MyBB.
(2012-07-20, 04:22 AM)Imad Jomaa Wrote: Tools such as the one you used return false positives most of the time. There are no known threats to date, and those external reports you linked to are both for older versions of MyBB.

From older MyBB versions,
but why am I getting them on my up-to-date MyBB version?
Even if they don't threaten my security, I want to know how to fix them. Can you tell me how?
Regards,
illusion
(2012-07-20, 04:35 AM)illusionalp Wrote:
(2012-07-20, 04:22 AM)Imad Jomaa Wrote: Tools such as the one you used return false positives most of the time. There are no known threats to date, and those external reports you linked to are both for older versions of MyBB.

From older MyBB versions,
but why am I getting them on my up-to-date MyBB version?
Even if they don't threaten my security, I want to know how to fix them. Can you tell me how?
Regards,
illusion

Hello,

By the nature of false positives, the issues do not exist and thus, there is nothing to fix. You can safely ignore false positives.

All the best,
Imad Jomaa.