Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

From: coptang <coptang@gmail.com>
To: Henri Salo <henri@nerv.fi>,bugtraq@securityfocus.com,Amir@irist.ir
Cc:
Subject: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
Date:


On 22 June 2012 07:58, Henri Salo <henri@nerv.fi> wrote:
>> #########################################################################################
>> #
>> # Expl0iTs :
>> #
>> # [TarGeT]/Patch/announcements.php?aid=1[Sql]
>> #
>> #
>> #########################################################################################
>
> Could not reproduce. Could you give working PoC?
>
> - Henri Salo

Agreed, untested but this looks sanitised well enough to me:

Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest

$aid = intval($mybb->input['aid']);

Can't see where in the page it's used unsanitised





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.