+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Extensions (https://community.mybb.com/forum-201.html)
+--- Forum: Plugins (https://community.mybb.com/forum-73.html)
+---- Forum: Plugin Releases (https://community.mybb.com/forum-102.html)
+---- Thread: [For 1.6] Advanced Forum Signatures [Latest Version: 2.0.4] (/thread-60777.html)
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - frostschutz - 2011-10-12
This plugin has a SQL injection vulnerability that allows anyone to gain admin permissions.
In signature.php
$db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$mybb->input['afs_type']}', [...]The inputs aren't escaped so anyone can for example change the admin users password.
Original exploit was posted here
http://www.smoothblog.co.uk/2011/10/11/hack-mybb-advanced-forum-signatures-204-sql-injection/
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - onurcakko - 2011-10-13
turkish utf8 not support :@
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - 007combatant - 2011-10-13
yes turkish utf8 not support
this screenshot
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - coco_moco - 2011-11-10
Is there a way to fix the security vulnerability in this plugin?
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - traiphonuiktvn - 2011-12-24
ple help me, vietnamese utf8 not support.
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - 7uyk - 2012-03-16
Great plugin
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - MrAnderson - 2012-03-17
UTF8 support there yet ?
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - MadComp - 2012-07-19
(2011-10-12, 10:41 AM)frostschutz Wrote: This plugin has a SQL injection vulnerability that allows anyone to gain admin permissions.
In signature.php
$db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$mybb->input['afs_type']}', [...]
The inputs aren't escaped so anyone can for example change the admin users password.
Original exploit was posted here
http://www.smoothblog.co.uk/2011/10/11/hack-mybb-advanced-forum-signatures-204-sql-injection/
Is there a way to fix this yet? I can't use it until this is fixed!
RE: Advanced Forum Signatures [Latest Version: 2.0.4] - Omar G. - 2012-07-19
Open th root file, find:
$db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$mybb->input['afs_type']}', `afs_background`='{$mybb->input['afs_background']}', `afs_showonline`={$mybb->input['afs_showonline']}, `afs_full_line1`='{$mybb->input['afs_full_line1']}', `afs_full_line2`='{$mybb->input['afs_full_line2']}', `afs_full_line3`='{$mybb->input['afs_full_line3']}', `afs_full_line4`='{$mybb->input['afs_full_line4']}', `afs_full_line5`='{$mybb->input['afs_full_line5']}', `afs_full_line6`='{$mybb->input['afs_full_line6']}', `afs_bar_left`='{$mybb->input['afs_bar_left']}', `afs_bar_center`='{$mybb->input['afs_bar_center']}', `afs_bar_right`='{$mybb->input['afs_bar_right']}' WHERE `uid`='{$mybb->user['uid']}';");Change for this:
$db->query("UPDATE ".TABLE_PREFIX."users SET `afs_type`='{$db->escape_string($mybb->input['afs_type'])}', `afs_background`='{$db->escape_string($mybb->input['afs_background'])}', `afs_showonline`={$db->escape_string($mybb->input['afs_showonline'])}, `afs_full_line1`='{$db->escape_string($mybb->input['afs_full_line1'])}', `afs_full_line2`='{$db->escape_string($mybb->input['afs_full_line2'])}', `afs_full_line3`='{$db->escape_string($mybb->input['afs_full_line3'])}', `afs_full_line4`='{$db->escape_string($mybb->input['afs_full_line4'])}', `afs_full_line5`='{$db->escape_string($mybb->input['afs_full_line5'])}', `afs_full_line6`='{$db->escape_string($mybb->input['afs_full_line6'])}', `afs_bar_left`='{$db->escape_string($mybb->input['afs_bar_left'])}', `afs_bar_center`='{$db->escape_string($mybb->input['afs_bar_center'])}', `afs_bar_right`='{$db->escape_string($mybb->input['afs_bar_right'])}' WHERE `uid`='{$mybb->user['uid']}';");RE: Advanced Forum Signatures [Latest Version: 2.0.4] - MadComp - 2012-07-19
Thanks Omar! I'll gladly use this plugin now!