minibb®
Fight the automated spam - protect your miniBB-forums,
getting the Captcha addon! Click here to read more.		Captcha Addon for miniBB
Community Forum
 | Forums | File Bank | Sign Up | Reply | Search | Statistics | Manual |
Bugs miniBB Community Forum / Bugs /

if isMod and enableGroupMsgDelete SQL Injection Vulnerability
 
kazim09
Forums Member
#1 | Posted: 26 Jun 2007 03:36
Reply 
hi all.
file: bb_func_delmsg.php
code:
if(isset($enableGroupMsgDelete) and isset($_POST['deleteAll']) and is_array($_POST['deleteAll']) and sizeof($_POST['deleteAll'])>0) {
$deleteAll=$_POST['deleteAll'];

example:
<input type="checkbox" name="deleteAll[]" value="4444' [SQL] /*" />
Paul
CEO
#2 | Posted: 26 Jun 2007 04:18 | Edited by: Paul
Reply 
Thanks for reporting, but... this time it seems this hack will not work for regular users at all ;-)

"isMod" variable is unset at the very beginning of index.php. So whatever you send externally, it will be set in the script itself anyway.

So you need to be logged in as moderator or admin to execute this "hack" which seems an absurd.

I have fixed this in the script anyway and released a small fix under the version 2.0.5b. Thank you.
 
Your reply
Bold Style  Italic Style  Image Link  URL Link 


» Username  » Password 
You are welcome to post anonymously by entering a nickname with no password (if that nickname has not been taken by another member) or by leaving both fields empty. If you have a forums membership account, you can also sign in from this page without posting a message, or sign in and post at once.

Before posting, be sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
 
Online now: Guests - 26
Members - 0 		Most users ever online: 191 [24 Dec 2007 14:33]
Guests - 191 / Members - 0

Forums are powered by miniBB®