Nice quick painless update. Thanks guys!
Thank you Mybb Group
Thank you for the update
very easy to do as well (just need to update to files)
Thank you
Tazfan
If staff wants to see it, fine, but I realized it would be bad to give out the code to hack MyBBs.
I had two files like that, one in uploads, and one in uploads/avatars.
They both had numerical filenames, the example was '75093.php'. Was my board breached?
I wonder about the quality of the provided patch:
* Why should a function (get_ip) that has absolutely nothing to do with database access use the function $db->escape_string?
* Why do you leave space characters in the IP address?
* Why is escape_string necessary at all, after you have filtered out everything except [0-9. ]?
Roland
Thanks, updated.
I seen last night it was posted here, very fast at fixing it well done
.
A nice easy fix.
I ran the vulnerability checker and it found a file.........went to my FTP not sure what I would find and found a file I'd uploaded myself to delete some files which wouldn't delete through my FTP GUI. I'd deleted the files but not the file deletion script.
D'oh!!!!!!!!
All happy now
What were the file names that you deleted?
Do i need to fix my old MyBB 1.2.2 Forum with this patch too or is this patch for MyBB 1.2.3 only?
is this forum on the 1.2.4 ?