2021-06-15, 05:00 AM
Mods care to explain
https://community.mybb.com/global.php_SERVER
https://community.mybb.com/global.php_SERVER
Code injection vulnerability
|
Code injection vulnerability
|
|
2021-06-15, 06:17 AM
 Can you explain the purpose of your post ?
2021-06-15, 10:46 AM
"File not found" is not the same as "404 Not Found"
Beyond that, I can't answer. But the suggestion is that there may be a vulnerability.
2021-06-15, 10:54 AM
I also replied to your private inquiries thread, but again I'm not sure what the issue is here.
2021-06-15, 05:57 PM
Quote:https://community.mybb.com/global.php?_SERVER This is what you are looking at: https://github.com/mybb/mybb/blob/e99ec5...hp#L12-L15
2021-06-15, 06:57 PM
(This post was last modified: 2021-06-15, 07:00 PM by codedude. Edited 2 times in total.)
Nothing vulnerable here. Just mybb.com have a different nginx fastcgi_param value when .php file is not found which is different from any other .extension/directory
https://community.mybb.com/test.php - file not found https://community.mybb.com/test.mybb - 404 Not Found https://community.mybb.com/test - 404 Not Found
2021-06-18, 07:27 PM
The unintended behaviors have been resolved. Thanks for the report and the explanation, Clumsy, HLFadmin and codedude.
Could be wrong but worth a try.
|
|
« Next Oldest | Next Newest »
|
Users browsing this thread: 1 Guest(s)