MyBB Community Forums

Full Version: Is this a real vulnerability?
Hello everybody, I'm concerned about the security of my MyBB board because I have found an exploit online for 1.6.2 which is apparently an SQL injection exploit with search.php.

Google only yields two results but I was just asking here to see if it really is a vulnerability.
Please post more information, and contact the admins about this...
The code in question is to do with how MyBB handles 'and' or 'or' in the search box. We've had no reports which indicate how to directly create an SQL injection, just reproduction steps of how to get to the SQL error.

The revelation of the SQL error will be fixed in 1.6.3.
(2011-04-05, 10:16 PM) Tomm M Wrote: The code in question is to do with how MyBB handles 'and' or 'or' in the search box. We've had no reports which indicate how to directly create an SQL injection, just reproduction steps of how to get to the SQL error.

The revelation of the SQL error will be fixed in 1.6.3.
Okay. So is it much of a security threat as of now?
As of now, nope. 1.6.2 is safe until someone can prove that it has a legitimate problem.