MyBB

Ryan Gordon · 2007-12-30, 12:19 AM

This vulnerability has nothing to do with Labrocca's problems (which appear to be unrelated to MyBB)

And second, the reason there is no version number change because 99% of cases, this vulnerability is useless

labrocca · 2007-12-30, 12:24 AM

Jude there are ways to do automatted backups. Sometimes hosts have it built into their control panel. Check and see.

And tikitiki..yes it might not be anything related to mybb but better safe than sorry.

FirefoxWiz · 2007-12-30, 12:43 AM

Quote:there are ways to do automatted backups.

There are? I didn't know that. <.<

I guess I need to get more regular in my backups!

Update uploaded. Smile

Thanks!!

labrocca · 2007-12-30, 12:48 AM

Easiest method is a cron job running a script. I could make one that was mybb specific as a plugin. The important part is the database...files don't change much and are generally harder to hack.

Yumi · (This post was last modified: 2007-12-30, 01:01 AM by Yumi.)

labrocca Wrote:And tikitiki..yes it might not be anything related to mybb but better safe than sorry.

Unless you have your server set up to execute JPEG/GIF/BMP/PNG files as PHP scripts (or some other executable format), this won't be your issue Toungue

labrocca · 2007-12-30, 01:29 AM

Actually on some of my sites I do have png as executable for a specific reason though.

Yumi · (This post was last modified: 2007-12-30, 01:38 AM by Yumi.)

labrocca Wrote:Actually on some of my sites I do have png as executable for a specific reason though.

Then that could be part of your issue...

This won't allow config.php file to be re-written, unless:
a) You have FTP details stored on your server, and is retrievable
b) The file is CHMOD'd to be writable

Why would you need to execute PNG anyway? You can have a "fake" .png file, with a PHP script behind it, but most servers are set up to parse only .php and .php# files as PHP scripts.

Sephiroth · 2007-12-30, 05:31 AM

ZiNga BuRgA Wrote:
labrocca Wrote:Actually on some of my sites I do have png as executable for a specific reason though.
Then that could be part of your issue...

This won't allow config.php file to be re-written, unless:
a) You have FTP details stored on your server, and is retrievable
b) The file is CHMOD'd to be writable

Why would you need to execute PNG anyway? You can have a "fake" .png file, with a PHP script behind it, but most servers are set up to parse only .php and .php# files as PHP scripts.

If you have a "fake" png file, and you're using Apache, just use mod_rewrite. Smile

Kevin1992 · 2007-12-30, 07:09 PM

Thanks for the quick fix for MyBB 1.2.10!

You are the Best!

goughy000 · 2007-12-31, 01:18 AM

thanks, patched!

if i need an executable image i just use a php script with an image header and gd functions.

about the backups: i have a script that runs once a week and backups sql and transfers it to 3 remote ftp server. sweet eh?

Login
Username:
Password:	Lost Password?
	Remember me