MyBB Community Forums

Full Version: Advanced Forum Signatures [Latest Version: 2.0.4]
This plugin has a SQL injection vulnerability that allows anyone to gain admin permissions.

In signature.php
   $db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$mybb->input['afs_type']}', [...]

The inputs aren't escaped, so anyone can, for example, change the admin user's password.

Original exploit was posted here

http://www.smoothblog.co.uk/2011/10/11/h...injection/
Turkish UTF-8 is not supported :@
Yes, Turkish UTF-8 is not supported.

this screenshot
Is there a way to fix the security vulnerability in this plugin?
Please help me, Vietnamese UTF-8 is not supported.
Great plugin :)
Is UTF-8 supported yet?
(2011-10-12, 10:41 AM) frostschutz wrote: This plugin has a SQL injection vulnerability that allows anyone to gain admin permissions.

In signature.php
   $db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$mybb->input['afs_type']}', [...]

The inputs aren't escaped, so anyone can, for example, change the admin user's password.

Original exploit was posted here

http://www.smoothblog.co.uk/2011/10/11/h...injection/

Is there a way to fix this yet? I can't use it until this is fixed!
Open the root file, find:
$db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$mybb->input['afs_type']}', `afs_background`='{$mybb->input['afs_background']}', `afs_showonline`={$mybb->input['afs_showonline']}, `afs_full_line1`='{$mybb->input['afs_full_line1']}', `afs_full_line2`='{$mybb->input['afs_full_line2']}', `afs_full_line3`='{$mybb->input['afs_full_line3']}', `afs_full_line4`='{$mybb->input['afs_full_line4']}', `afs_full_line5`='{$mybb->input['afs_full_line5']}', `afs_full_line6`='{$mybb->input['afs_full_line6']}', `afs_bar_left`='{$mybb->input['afs_bar_left']}', `afs_bar_center`='{$mybb->input['afs_bar_center']}', `afs_bar_right`='{$mybb->input['afs_bar_right']}' WHERE `uid`='{$mybb->user['uid']}';");

Change it to this:
// afs_showonline is not wrapped in quotes in the SQL, so it is cast with intval(); escape_string() only protects quoted values.
$db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$db->escape_string($mybb->input['afs_type'])}', `afs_background`='{$db->escape_string($mybb->input['afs_background'])}', `afs_showonline`=".intval($mybb->input['afs_showonline']).", `afs_full_line1`='{$db->escape_string($mybb->input['afs_full_line1'])}', `afs_full_line2`='{$db->escape_string($mybb->input['afs_full_line2'])}', `afs_full_line3`='{$db->escape_string($mybb->input['afs_full_line3'])}', `afs_full_line4`='{$db->escape_string($mybb->input['afs_full_line4'])}', `afs_full_line5`='{$db->escape_string($mybb->input['afs_full_line5'])}', `afs_full_line6`='{$db->escape_string($mybb->input['afs_full_line6'])}', `afs_bar_left`='{$db->escape_string($mybb->input['afs_bar_left'])}', `afs_bar_center`='{$db->escape_string($mybb->input['afs_bar_center'])}', `afs_bar_right`='{$db->escape_string($mybb->input['afs_bar_right'])}' WHERE `uid`='{$mybb->user['uid']}';");
Thanks Omar! I'll gladly use this plugin now!
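The signature update discussed in this thread, rewritten with bound parameters and per-field validation. This is an added example, not code from the thread or from the plugin. PDO with in-memory SQLite stands in for MyBB's $db layer, and the table layout, the afs_type allow-list, the 255-character limit and the input values are assumptions.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for MyBB's $db object;
// the table layout and every input value below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, password TEXT,
    afs_type TEXT, afs_showonline INTEGER, afs_full_line1 TEXT, afs_bar_left TEXT)");
$pdo->exec("INSERT INTO users VALUES (1, 'hash-admin', '', 0, '', ''),
                                     (2, 'hash-user', '', 0, '', '')");

// Hypothetical allow-list: the plugin's real afs_type values are not on the page.
const AFS_TYPES = ['full', 'bar'];
// Two of the plugin's text columns, enough to show the pattern.
const AFS_TEXT_FIELDS = ['afs_full_line1', 'afs_bar_left'];

function afs_save(PDO $pdo, array $input, int $uid): void
{
    $type = $input['afs_type'] ?? '';
    $params = [
        // Enumerated value: anything outside the allow-list falls back to the default.
        ':afs_type' => in_array($type, AFS_TYPES, true) ? $type : AFS_TYPES[0],
        // Numeric flag: cast it, since escaping only protects values inside quotes.
        ':afs_showonline' => (int) ($input['afs_showonline'] ?? 0) ? 1 : 0,
        ':uid' => $uid,
    ];
    // Column names come from fixed constants, never from the request.
    $set = ['afs_type = :afs_type', 'afs_showonline = :afs_showonline'];
    foreach (AFS_TEXT_FIELDS as $col) {
        $set[] = "$col = :$col";
        $params[":$col"] = substr((string) ($input[$col] ?? ''), 0, 255);
    }
    // Values are sent as bound parameters, separate from the SQL text.
    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE uid = :uid';
    $pdo->prepare($sql)->execute($params);
}

// Constructed request data containing quotes and SQL-looking text.
afs_save($pdo, [
    'afs_type'       => "bar', password='x",
    'afs_showonline' => "1, password='x'",
    'afs_full_line1' => "O'Brien', password='x",
], 2);

// Print both rows to confirm that only uid 2's afs_* columns changed.
$q = 'SELECT uid, password, afs_type, afs_showonline, afs_full_line1 FROM users';
foreach ($pdo->query($q)->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), PHP_EOL;
}
```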