Code injection vulnerability
#1
Mods, care to explain?
https://community.mybb.com/global.php_SERVER
Reply
#2
Huh
Can you explain the purpose of your post?
Do not ask me help through PM or Discord
Reply
#3
"File not found" is not the same as "404 Not Found"
Beyond that, I can't answer. But the suggestion is that there may be a vulnerability.
Reply
#4
I also replied to your private inquiries thread, but again I'm not sure what the issue is here.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#5
Quote: https://community.mybb.com/global.php?_SERVER

This is what you are looking at:
https://github.com/mybb/mybb/blob/e99ec5...hp#L12-L15
Reply
#6
Nothing vulnerable here. Just mybb.com has a different nginx fastcgi_param value when a .php file is not found, which is different from any other .extension/directory

https://community.mybb.com/test.php - file not found
https://community.mybb.com/test.mybb - 404 Not Found
https://community.mybb.com/test - 404 Not Found
Reply
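
Added example, not part of the thread and not mybb.com's actual server configuration: a typical nginx layout that produces the two different "not found" responses listed in post #6, with the `try_files` line that makes them consistent. The server name, document root and PHP-FPM socket path are placeholders.

```nginx
# Constructed example; server_name, root and the socket path are placeholders.
server {
    listen 80;
    server_name forum.example.test;
    root /var/www/forum;
    index index.php;

    # Non-PHP paths (/test, /test.mybb): nginx checks the filesystem itself
    # and answers a missing path with its own "404 Not Found" page.
    location / {
        try_files $uri $uri/ =404;
    }

    # Every URI ending in .php is matched here. If the try_files line is
    # absent, the request is forwarded to PHP-FPM whether or not the file
    # exists, and PHP-FPM answers a missing script with its own plain body
    # "File not found." That is why /test.php looks different from /test.
    location ~ \.php$ {
        # Let nginx reject missing scripts before they reach the PHP backend,
        # so all missing paths get the same nginx 404 page.
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

With this in place, a request for a nonexistent `.php` file and a request for any other nonexistent path return the same nginx error page, so the difference in wording no longer reveals which requests reach the PHP backend.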
#7
The unintended behaviors have been resolved. Thanks for the report and the explanation, Clumsy, HLFadmin and codedude.
Could be wrong but worth a try.
Reply