2005-08-16, 09:09 AM
MyBB RC4 Security Update
There has been a security issue found in MyBB RC4 and all previous versions.
This security issue could allow your board to be compromised via an SQL injection based vulnerability.
Patching Your Board
To patch you board you can use the zip archive attached to this post, please upload the contents of it to your forums overwriting the existing files.
Manual patching instructions are below.
Manual Patching Instructions
./global.php
Find:
--
$mybb['location'] = $REQUEST_URI;
--
Replace With:
--
$mybb['location'] = addslashes($REQUEST_URI);
--
./member.php
Find:
--
$query = $db->query("SELECT username FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
Replace With:
--
$username = addslashes($username);
$query = $db->query("SELECT username FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
Find:
--
$query = $db->query("SELECT uid, username, password FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
Replace With:
--
$username = addslashes($username);
$query = $db->query("SELECT uid, username, password FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
./admin/global.php
Find:
--
if($do == "login") {
--
Above it Add:
--
$mybbadmin = $_COOKIE['mybbadmin'];
$username = addslashes($username);
--
There has been a security issue found in MyBB RC4 and all previous versions.
This security issue could allow your board to be compromised via an SQL injection based vulnerability.
Patching Your Board
To patch you board you can use the zip archive attached to this post, please upload the contents of it to your forums overwriting the existing files.
Manual patching instructions are below.
Manual Patching Instructions
./global.php
Find:
--
$mybb['location'] = $REQUEST_URI;
--
Replace With:
--
$mybb['location'] = addslashes($REQUEST_URI);
--
./member.php
Find:
--
$query = $db->query("SELECT username FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
Replace With:
--
$username = addslashes($username);
$query = $db->query("SELECT username FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
Find:
--
$query = $db->query("SELECT uid, username, password FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
Replace With:
--
$username = addslashes($username);
$query = $db->query("SELECT uid, username, password FROM ".TABLE_PREFIX."users WHERE username='$username'");
--
./admin/global.php
Find:
--
if($do == "login") {
--
Above it Add:
--
$mybbadmin = $_COOKIE['mybbadmin'];
$username = addslashes($username);
--