MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Fixes for this sql error?
Full Version: Fixes for this sql error?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

shining

2014-08-21, 06:43 PM
Hello, any known fixes for this vulnerability?


# Title: MyBB 1.6.15 - SQL Injection

# Google Dork: intext:"Powered By MyBB"

# Date: 15.08.2014

# Author: DemoLisH

# Vendor Homepage: http://www.mybb.com/

# Software Link: http://www.mybb.com/downloads

# Version: 1.6.15

# Contact: [email protected]

# Video: http://www.youtube.com/watch?v=_29v1YEZE2s



***************************************************



[~#~] SQL Injection in Private Messages ( User CP )



Go to -> Inbox for example:

localhost/private.php



Search at the following code Keywords:

<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload

.m.

2014-08-21, 07:01 PM
well, have you tested it in this community !

Destroy666

2014-08-21, 07:16 PM
It's not a SQL injection or any other vulnerability just because one guy keeps spamming false information...

In fact, it's a SQL error and nothing more. Fixed in MyBB 1.8.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Fixes for this sql error?