MyBB Community Forums

Full Version: MyBB SQLi Injectable!
I suggest NOT using the plugin ShoutBox. The plugin is SQLi injectable. I have just scanned and was checking to make sure nothing was vulnerable, and come to find out the shoutbox could have led to my database getting exploited/dropped. Now I will no longer be using this.

http://www.justusgamers.com/index.php?ac...l_shoutbox

That link is vulnerable, I'll leave it up until MyBB staff or admins get a chance to look. I will delete or move the file to further analyze.
Which shoutbox plugin are you talking about? There are a few available...

Either way it's not up to the MyBB staff to take care of plugin vulnerabilities. You should alert the developer instead.
Please don't make threads with titles like this when the problem isn't anything to do with MyBB at all. You also assume whatever 'scan' you ran is even accurate.
Off Topic:
I tried to get help but no one is responding.
Please, help me in this thread
http://community.mybb.com/thread-98533.html
(2011-07-10, 10:37 PM) MattRogowski Wrote: Please don't make threads with titles like this when the problem isn't anything to do with MyBB at all. You also assume whatever 'scan' you ran is even accurate.

It doesn't have anything to do with MyBB at all? Please elaborate on how this doesn't have anything to do with MyBB, learn something even though you're staff....
MyBB Plugins = MyBB Software which still does involve MyBB...
Don't post stupid things like this...

Also this scan is correct because I injected my own website.

I'll post a picture

http://i55.tinypic.com/m7q7lx.png
The MyBB Group didn't develop the plugin, therefore it should not hold any responsibility for it. You use the plugins at your own risk. As for actual MyBB security vulnerabilities, as soon as they are found, a patch is immediately released.

Just report the issue to the author of the plugin. I am sure he will patch it asap.
(2011-07-10, 10:45 PM) GoogleEarth Wrote: It doesn't have anything to do with MyBB at all? Please elaborate on how this doesn't have anything to do with MyBB, learn something even though you're staff....

Excuse me? Please don't talk to staff that way, they take their free time to support arrogant members like you.

The MyBB team doesn't maintain plugins, it's up to the creators of the plugins to fix security risks and bugs. Heck, they don't even have to if they don't want to.

Matt was referring to it not being part of MyBB core, therefore not up to them to do anything about it.

(2011-07-10, 10:45 PM) GoogleEarth Wrote: Don't post stupid things like this...

Because that's the right way to do it, insult the people who maintain the software.

This is what gives this community this reputation. You need to contact the plugin author about this.

As for Matt's post - it could have been more useful and less blunt but I do agree you didn't need to have a rant at him for it.
(2011-07-10, 11:19 PM) Malcolm. Wrote:
(2011-07-10, 10:45 PM) GoogleEarth Wrote: It doesn't have anything to do with MyBB at all? Please elaborate on how this doesn't have anything to do with MyBB, learn something even though you're staff....

Excuse me? Please don't talk to staff that way, they take their free time to support arrogant members like you.

The MyBB team doesn't maintain plugins, it's up to the creators of the plugins to fix security risks and bugs. Heck, they don't even have to if they don't want to.

Matt was referring to it not being part of MyBB core, therefore not up to them to do anything about it.

(2011-07-10, 10:45 PM) GoogleEarth Wrote: Don't post stupid things like this...

Because that's the right way to do it, insult the people who maintain the software.
Alright, so basically, ignore this thread, and every forum with the plugin ShoutBox 1.14 or something. I'll release how to get the current DB then we'll see how many more complaints there are about this, it doesn't matter.

If it wasn't MyBB's fault, then what's the "Plugins" there for? Yes, obviously MyBB doesn't own the plugins, but they should be able to fix the vulnerable plugins. This is a fault which will probably learn from.
Is this plugin on the mods site? If it is then MyBB is responsible; if it's not on the mods site then it's got nothing to do with MyBB.