MyBB

Galen · 2007-04-04, 05:19 AM

Nice quick painless update. Thanks guys!

Tazfan · 2007-04-04, 07:06 AM

Thank you Mybb Group

Thank you for the update

very easy to do as well (just need to update to files)

Thank you

Tazfan

PHP_Paul · (This post was last modified: 2007-04-04, 07:43 AM by PHP_Paul.)

If staff wants to see it, fine, but I realized it would be bad to give out the code to hack MyBBs.

I had two files like that, one in uploads, and one in uploads/avatars.

They both had numerical filenames, the example was '75093.php'. Was my board breached?

Tickhi · 2007-04-04, 07:43 AM

I to say

rillig · (This post was last modified: 2007-04-04, 08:14 AM by rillig.)

I wonder about the quality of the provided patch:

* Why should a function (get_ip) that has absolutely nothing to do with database access use the function $db->escape_string?
* Why do you leave space characters in the IP address?
* Why is escape_string necessary at all, after you have filtered out everything except [0-9. ]?

Roland

Chris W. B. · (This post was last modified: 2007-04-04, 08:58 AM by Chris W. B..)

Thanks, updated.

I seen last night it was posted here, very fast at fixing it well done Smile

.

ClarkF1 · 2007-04-04, 09:15 AM

A nice easy fix.

I ran the vulnerability checker and it found a file.........went to my FTP not sure what I would find and found a file I'd uploaded myself to delete some files which wouldn't delete through my FTP GUI. I'd deleted the files but not the file deletion script.

D'oh!!!!!!!!

All happy now

PHP_Paul · 2007-04-04, 09:16 AM

What were the file names that you deleted?

Elrond Whipumar · 2007-04-04, 09:35 AM

Do i need to fix my old MyBB 1.2.2 Forum with this patch too or is this patch for MyBB 1.2.3 only?

crsoft · 2007-04-04, 09:48 AM

is this forum on the 1.2.4 ?

Login
Username:
Password:	Lost Password?
	Remember me