If you have upgraded to
1.1.3 then you are safe from the exploit.
The plugin is there just to ban any users that try to use the exploit script (but they will not be successful if you have already upgraded to 1.1.3 anyway). Upload that to inc/plugins/ folder.
Someone just regged at my forum with this username -> "'.system(getenv(HTTP_C)).'", why do they even bother when it says I'm using 1.1.3? oh well.
Well Some "Strange"Guys Visited my Forum (to Hack) But They Wasn't Able To Create a user Something like ".system(getenv(HTTP_C))" Because I Have Limited The length of Username to 8 (characters).. Well I Think this can be A Good solution.
Or just install the plug-in which is provided in the announcement thread of 1.1.3
how can i install the plugin on my forum can some one please tell me
thanks
You need to download the file atached to that post and upload it to the inc/plugins directory on your forum.
Then go to the Admin CP and then Plugin Manager and click "Activate" next to it.