2012-07-31, 09:27 PM
That is a big problem since it is -- IIRC -- included in every MyBB installation.
Hacked.
|
2012-07-31, 09:27 PM
That is a big problem since it is -- IIRC -- included in every MyBB installation.
2012-07-31, 10:24 PM
I am sorry but there is absolutely no possible way that an SQL injection or any other kind of hack could be forced via the Hello World plugin.
If the plugin is disabled it can't do anything, if it is enabled all it does is edit the $post["message"] to display a message. If it is disabled the only way to enable it is if someone has access or your site was already hacked. Further more, the only way that it could be edited is if the file itself was edited. There would be no way for them to hijack the entire $page or $post variable and certainly not via that plugin. The plugin does not take any input values and as such there is no entry point for a malicious user
2012-07-31, 10:38 PM
(2012-07-31, 09:18 PM)RedCP Wrote:(2012-07-31, 03:46 PM)pavemen Wrote: please share the plugin name and version with the support staff and perhaps contact the plugin author to inform them of the vulnerability. this way the plugin can be removed from the mods sites and if popular enough, the staff may post details about the exploit so others can defend against it. No way, are you trolling?
2012-08-01, 01:18 AM
Now I am trying to breathe because I am laughing so much. Hello World takes no user input, so there can't be any entry point for a vulnerability.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
2012-08-01, 01:30 AM
There is no way you were hacked through the hello world plugin. It does nothing to the db, tAkes no user input, just like everyone else said.
-Paul H.
Cogisne lingua latina?
2012-08-01, 06:34 AM
Didnt he say that it put a message in all the forums?
Whilst I can see no possible way to do this as there are no DB actions and no user input, it is possible that the user found some other route into the server and altered this file and enabled it which would possibly display a message, however this was not the entry point and disabling the plugin would fix it. |
« Next Oldest | Next Newest »
|