Bugtraq mailing list archives
Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
From: coptang <coptang () gmail com>
Date: Sat, 23 Jun 2012 03:47:44 +0100
On 22 June 2012 07:58, Henri Salo <henri () nerv fi> wrote:
> #########################################################################################
> #
> # Expl0iTs :
> #
> # [TarGeT]/Patch/announcements.php?aid=1[Sql]
> #
> #
> #########################################################################################
>
> Could not reproduce. Could you give working PoC?
>
> - Henri Salo
Agreed, untested but this looks sanitised well enough to me:

Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest

$aid = intval($mybb->input['aid']);

Can't see where in the page it's used unsanitised
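The point coptang makes is that an integer parameter which is cast with intval() before reaching the query cannot carry SQL syntax. The script below is an added illustration of that, not code from the thread or from MyBB: it places a hypothetical unsafe pattern (raw input concatenated into SQL) next to the cast-first pattern quoted above and runs both over a few constructed inputs. The table and column names are placeholders.

```php
<?php
// Added example (not MyBB code). Shows what intval() does to request input
// before it is concatenated into an SQL statement for an integer column.

// Hypothetical unsafe pattern: request input used as-is in the query text.
// Any non-numeric content survives into the statement.
function buildQueryUnsafe(string $rawAid): string
{
    return "SELECT * FROM announcements WHERE aid=" . $rawAid; // placeholder table
}

// Pattern quoted from announcements.php: cast first, then use the integer.
// intval() keeps only a leading optional sign and digits; anything else is
// discarded, and input with no leading digits becomes 0.
function buildQuerySafe(string $rawAid): string
{
    $aid = intval($rawAid);
    return "SELECT * FROM announcements WHERE aid=" . $aid; // placeholder table
}

// Constructed sample inputs for the aid parameter.
$samples = [
    "1",           // ordinary request
    "  42",        // leading whitespace is tolerated by intval()
    "-3",          // negative id (still an integer, may want a range check)
    "7abc",        // trailing garbage is dropped -> 7
    "1 OR 1=1",    // classic tautology attempt -> 1
    "abc",         // no digits at all -> 0
];

foreach ($samples as $raw) {
    printf("input %-12s unsafe: %s\n", var_export($raw, true), buildQueryUnsafe($raw));
    printf("%-18s safe:   %s\n", "", buildQuerySafe($raw));
}

// Caveat: the cast only protects parameters that are genuinely integers.
// String parameters still need a prepared statement or the database
// driver's escaping; intval() is not a general-purpose sanitiser.
```

Running it shows that every input reaches the cast-first query as a bare integer, so the only thing an attacker controls is which announcement id is selected, and a review of the script has to look for a separate, uncast use of the parameter (as coptang says, there is none visible) rather than at this line.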
Current thread:
- Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Amir (Jun 21)
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Henri Salo (Jun 22)
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Yaniv Shaked (Jun 26)
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Gianluca Brindisi (Jun 26)
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy coptang (Jun 26)
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Yaniv Shaked (Jun 26)
- <Possible follow-ups>
- Re: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy nathan (Jun 26)
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Henri Salo (Jun 22)