Potential Exploit
#11
So it is likely that the malcious user was running arbitrary code? Are there specific things I should be looking for now? (ie. known things that this person has run on other boards? inserted sql queries? etc)
#12
The arbitrary code is in the username, so whatever is in the username would have been executed.
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net


Forum Jump:


Users browsing this thread: 1 Guest(s)