
miniBB version 2.1c released - security fix

 
Paul
CEO
#1 | Posted: 29 Nov 2007 06:29
A recently discovered security issue may lead to SQL injection; it happens because the $cook variable in bb_cookie.php is not verified.

It will all work (as usual) if the PHP setting register_globals is set to ON and, additionally, magic_quotes_gpc is set to OFF.

The quick fix is to add the 'cook' value to the $unset array, which appears at the very top of the index.php and bb_admin.php files. For example, if you have

$unset=array('logged_admin','isMod',........);

add the 'cook' value to the end, separated by a comma:

$unset=array('logged_admin','isMod',........, 'cook');

Credit goes to Mr. Stefan Esser, who kindly discussed this issue privately with us without reporting it publicly. Thank you.
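
Added example (not part of the original post and not miniBB code): a small PHP sketch of why listing 'cook' in $unset closes the hole, assuming the list is used to discard request-supplied variables with those names. The functions import_request() and scrub(), the 'page' parameter and the request values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not miniBB source code. All names except $unset,
// 'logged_admin', 'isMod' and 'cook' are hypothetical.

// Emulates register_globals=On: every request parameter becomes a variable
// in the returned scope, as old PHP versions did for the global scope.
function import_request(array $request): array
{
    $scope = [];
    foreach ($request as $name => $value) {
        $scope[$name] = $value;
    }
    return $scope;
}

// Unset-list guard (assumed behaviour): drop any request-supplied variable
// whose name the application reserves for its own internal use.
function scrub(array $scope, array $unset): array
{
    foreach ($unset as $name) {
        unset($scope[$name]);
    }
    return $scope;
}

// Constructed request: a client sends a parameter named after an internal variable.
$request = ['cook' => "constructed'value", 'page' => '2'];

$before = ['logged_admin', 'isMod'];          // list without 'cook'
$after  = ['logged_admin', 'isMod', 'cook'];  // list with the fix applied

foreach (['before fix' => $before, 'after fix' => $after] as $label => $unset) {
    $scope = scrub(import_request($request), $unset);
    // Code that assigns $cook only on some paths would otherwise inherit
    // the request value and pass it on to the query unverified.
    $state = array_key_exists('cook', $scope) ? 'client-controlled' : 'not set';
    printf("%-10s cook is %s, page=%s\n", $label, $state, $scope['page']);
}
```

With the shorter list the client's value survives into the application scope; with 'cook' added it is discarded while ordinary parameters such as 'page' are untouched.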