MyBB Community Forums

Full Version: Fixes for this sql error?
Hello, any known fixes for this vulnerability?


# Title: MyBB 1.6.15 - SQL Injection

# Google Dork: intext:"Powered By MyBB"

# Date: 15.08.2014

# Author: DemoLisH

# Vendor Homepage: http://www.mybb.com/

# Software Link: http://www.mybb.com/downloads

# Version: 1.6.15

# Contact: [email protected]

# Video: http://www.youtube.com/watch?v=_29v1YEZE2s



***************************************************



[~#~] SQL Injection in Private Messages ( User CP )



Go to -> Inbox for example:

localhost/private.php



Search at the following code Keywords:

<foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload

Well, have you tested it in this community?

It's not a SQL injection or any other vulnerability just because one guy keeps spamming false information...

In fact, it's a SQL error and nothing more. Fixed in MyBB 1.8.