[Duplicate] Input manipulation causing Full Path Disclosure (ACP-wide)
While the front-end seems to be pulling the user input using $mybb->get_input() which converts it to the expected types, it is not being done in the ACP and simple input type manipulation (e.g. submitting arrays instead of string values) allows to trigger PHP errors related to provided values' types and functions they have been passed to.

Code sample:

This issue refers to a vast majority of POST forms as well as mechanisms relying on GET parameters present in the ACP.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz

Messages In This Thread
Input manipulation causing Full Path Disclosure (ACP-wide) - by Devilshakerz - 2015-03-28, 09:25 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)