(2008-11-07, 06:19 AM)rh1n0 Wrote: [ -> ]I can understand what you're saying, labrocca. But in this case, it appears that in order for forums to be safe from the exploit they have to do some manual code editing.
or tell admins to not view this attachment
The point I was trying to make is that when an exploit was found at mybb sometime ago, the smf fun boys were quickly jumping to conclusion that mybb is not secure and this and that. But when the same thing happen to their forum, they tried to hide it first and giving that b****** to their users that there was nothing wrong etc etc.
Well. I think we're also done here.
See Ryan's response above. We would do the same thing here. The main thing is that we will move it to our staff forum to confirm the vulnerability.
If it is a vulnerability, a patch will be released, and the thread won't be needed further.
If it's not a vulnerability...well...the thread is also not needed.
Please be reminded all security vulnerabilities should be reported through our contact form because it is a faster and more direct way of contacting us.
I thought I closed this thread.