MyBB Community Forums

Full Version: The fix for the weak string in search.php
Edit search.php and find this line:

$sid = $db->escape_string($mybb->input['sid']);

Change this line to:

if(is_array($mybb->input['sid']))
    $sid = $db->escape_string(implode($mybb->input['sid']));
else
    $sid = $db->escape_string($mybb->input['sid']);

I take no credit for this.

Credit to:
Packetstorm.
A more complete solution would probably be to edit the function that processes all the input variables to not process arrays/use the first element in a given array for a set list of input variables.
(2014-05-25, 02:17 AM)Cameron:D Wrote: A more complete solution would probably be to edit the function that processes all the input variables to not process arrays/use the first element in a given array for a set list of input variables.

Yeah, that would be a better idea. There was a guy panicking users so I just posted this quick fix so people wouldn't feel scared about MyBB being 'exploited'. This can't even do anything. Well, at least from what I know about MyBB/SQLi.
What is this? Is this a newly discovered security issue? Will the fix affect the search results negatively (i.e., return less accurate results)?
I remember accidentally finding it quite a while back; there isn't really any security issue, just a bug that throws an error because it has an array where it expects a string (see it in action here: http://community.mybb.com/search.php?act...id[]=stuff). The only way to make it happen is to manually edit the search results URL, so it won't affect normal users browsing.
It's nothing bad. Just 'ub3r hax0rs' think it's a bad thing because it outputs an error. You can't execute any malicious queries; I tried.
I also tried and all you can get is errors.
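
The central approach suggested earlier in the thread (normalize a set list of input variables once, so an array never reaches code that expects a string), as an added example. It is not MyBB's code and not from any poster; the function name, its parameters and the sample request are hypothetical.

```php
<?php
// Added illustration; not MyBB code. All names here are hypothetical.

/**
 * Force the listed request parameters to be strings.
 * PHP parses "sid[]=x" into an array, which breaks code that expects a string.
 *
 * @param array $input       Raw request variables (e.g. merged GET/POST).
 * @param array $scalar_keys Parameters that must never be arrays.
 * @param bool  $use_first   true: keep the first element; false: blank the value.
 */
function normalize_scalar_inputs(array $input, array $scalar_keys, bool $use_first = true): array
{
    foreach ($scalar_keys as $key) {
        if (!array_key_exists($key, $input)) {
            continue;
        }
        $value = $input[$key];
        if (is_array($value)) {
            // reset() returns the first element, or false for an empty array.
            $first = $use_first ? reset($value) : false;
            // Nested arrays (sid[][]=x) and empty arrays collapse to ''.
            $value = (is_scalar($first) && $first !== false) ? $first : '';
        }
        $input[$key] = (string) $value;
    }
    return $input;
}

// Constructed sample request: search.php?action=results&sid[]=stuff&sid[]=more&keywords[][]=x
$request = [
    'action'   => 'results',
    'sid'      => ['stuff', 'more'],
    'keywords' => [['x']],
];

$clean = normalize_scalar_inputs($request, ['action', 'sid', 'keywords']);
var_dump($clean);
```

Normalizing only changes the type; the value still has to go through `$db->escape_string()` before it is placed in a query, as in the one-line fix at the top of the thread.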