Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
mybb hackable?
#1
is mybb Hackable or can be hacked true answers
Mark as best answer Mark as best answer
mybb is safe but i have found a few things that users may need to patch
iv done a test using a paid vulnability scanner and got this

1.Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
(The impact of this vulnerability)
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

2.Vulnerability description
This server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or an WAF (Web Application Firewall). Acunetix WVS detected this by sending various malicious payloads and detecting changes in the response code, headers and body.
(The impact of this vulnerability)
You may receive incorrect/incomplete results when scanning a server protected by an IPS/IDS/WAF. Also, if the WAF detects a number of attacks coming from the scanner, the IP address can be blocked after a few attempts.

3.Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
(The impact of this vulnerability)
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

that being said iv done tests on the cpanal inc bruteforcing the cpanal

result-nothing

sql injections-nothing and all rumors of this are fake

i love mybb and it is now my home sweet home

as a java script maker i hate being hacked and i will help mybb staff if i discover anything

and to all users why not make mybb ur #1 for websites

Deathaces
#2
Quote:is mybb Hackable or can be hacked true answers

Yes, most software is.

Quote:iv done a test using a paid vulnability scanner and got this

I have to advise against this. Many people do this without understanding the results and assume there's something wrong with the the software. None of these "vulnerabilities" have anything to do with MyBB. They're all server related and more advisories than anything.

If you want to find vulnerabilities, do it manually. I've found plenty of low risk vulnerabilities within MyBB simply by using it. I've yet to encounter a legitimate report of someone discovering a vulnerability within MyBB by using a scanner, free or paid.
No longer involved in the MyBB project.
#3
One thread is enough!
http://community.mybb.com/thread-144097.html
[Image: banner.png]


Forum Jump:


Users browsing this thread: 1 Guest(s)