Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
From: coptang <coptang () gmail com>
Date: Sat, 23 Jun 2012 03:47:44 +0100

On 22 June 2012 07:58, Henri Salo <henri () nerv fi> wrote:
#########################################################################################
#
# Expl0iTs :
#
# [TarGeT]/Patch/announcements.php?aid=1[Sql]
#
#
#########################################################################################

Could not reproduce. Could you give working PoC?

- Henri Salo

Agreed, untested but this looks sanitised well enough to me:

Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest

$aid = intval($mybb->input['aid']);

Can't see where in the page it's used unsanitised


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]