[Security] The fix for the weak string in search.php

[VoIP]

edit search.php and find this line :

$sid = $db->escape_string($mybb->input['sid']);

change this line to :

if(is_array($mybb->input['sid']))
    $sid = $db->escape_string(implode($mybb->input['sid']));
    else
    $sid = $db->escape_string($mybb->input['sid']);

I take no credit for this.

Credit to:
Packetstorm.

[Cameron:D]

A more complete solution would probably be to edit the function that process all the input variables to not process arrays/use the first element in a given array for a set list of input variables.

[VoIP]

A more complete solution would probably be to edit the function that process all the input variables to not process arrays/use the first element in a given array for a set list of input variables.

Yea that would be a better idea. There was a guy panicking users so I just posted this quick fix so people wouldn't feel scared about mybb being 'exploited'. This can't even do anything.. Well at least from what I know about mybb/SQLi.

[DrXotick]

What is this? Is this a newly discovered security issue? Will the fix affect the search results negatively? (ie, return less accurate results)

[Cameron:D]

I remember accidentally finding it quite a while back, there isn't really any security issue, just a bug that throws an error because it has an array where it expects a string (See it in action here: http://community.mybb.com/search.php?act...id[]=stuff). The only way to make it happen is to manually edit the search results URL, so it won't affect normal users browsing.

[VoIP]

Its nothing bad. Just 'ub3r hax0rs' think its a bad thing because it outputs and error. You can't execute any malicious query's I tried.

[dragonexpert]

I also tried and all you can get is errors.