There are no known SQL injection vulnerabilities in the core of MyBB 1.6.3. That's not to say one doesn't exist in one of your plugins, but the core is thought to be secure at the time being.
And I don't think there is a way to manipulate the database via SQL injection.
I am using mybb 1.6.1
What was the problem???????????
and how to prevent database from sql injections
I don't think there is any way to change your templates with the known vulnerabilities in 1.6.1, but please keep your board up-to-date.
how to prevent database from sql injections
(2011-06-26, 09:46 AM)itapna Wrote: [ -> ]how to prevent database from sql injections
Well, keeping your board up to date
might help for one...
(2011-06-26, 09:18 AM)itapna Wrote: [ -> ]www.itapna.com
It is sure injection attack
because when i restore database problem is solved......
POC? They could have just guessed your password and changed the template.
As you stated, you aren't even up-to-date with MyBB, the latest version out there is v 1.6.3 and many known and potential threat vulnerabilities have been fixed in it, if you are not updated, theres likely even no point of reporting or pointing towards MyBB that the software is faulty.
Recently, a lot of forums are getting hacked, maybe, MyBB is not a problem here, but your hosts, its some kind of shell that when uploaded to server, gives root rights and there beings the database manipulation.
I suggest contacting your host about the issue.
(2011-06-26, 11:41 AM)crazy4cs Wrote: [ -> ]many known and potential threat vulnerabilities have been fixed in it
Many?
Moreover none of them allow manipulating the database...