miniBB Community Forum

Full Path Disclosure - Array.

Author Corey
Forums Member
#1 | Posted: 21 Dec 2007 12:16 | Edited by: Corey
http://www.minibb.com/forums/index.php?action=stats&top=1&days=60&lst[]
Fatal error: Unsupported operand types in /home/minibb/public_html/forums/bb_func_stats.php on line 37

http://www.minibb.com/forums/index.php?action=stats&top[]
Fatal error: Unsupported operand types in /home/minibb/public_html/forums/bb_func_stats.php on line 37

http://www.minibb.com/forums/index.php?action=userinfo&user[]
Fatal error: Unsupported operand types in /home/minibb/public_html/forums/bb_func_usernfo.php on line 11

http://www.minibb.com/forums/index.php?action=checker&step=editsettings&isNew[]
Fatal error: Unsupported operand types in /home/minibb/public_html/forums/addon_checker.php on line 860
Author Corey
Forums Member
#2 | Posted: 21 Dec 2007 12:26
http://minibb.org/minibb-test.php?action=vthread&forum=3&topic=695&page[]
Fatal error: Unsupported operand types in /data/minibbtest/minibb-test.php on line 70

http://minibb.org/minibb-test.php?action=vthread&forum=3&topic[]
Fatal error: Unsupported operand types in /data/minibbtest/minibb-test.php on line 69

http://minibb.org/minibb-test.php?action=vthread&forum[]
Fatal error: Unsupported operand types in /data/minibbtest/minibb-test.php on line 67
Author Sergei
Team member
#3 | Posted: 25 Dec 2007 12:02
hello.. yes, but you're using topic and forum as arrays. So what kind of behavior do you expect?
Author Paul
CEO
#4 | Posted: 27 Dec 2007 08:25
I must agree this bug exists; however, there will still be no solution for it, and we will release it only when the new release of miniBB comes out next year. Basically it would be needed to fix each and every file where such integer variable setting happens, and there are a lot of these files.

In general, on each "normal" hosting all PHP errors must be suppressed in the configuration, so most likely you won't even see such error reporting.

I have checked some major scripts like punBB or WordPress or vBulletin (and/or their add-ons) and it appears all of them can be 'vulnerable' because of this issue as well.

First I thought it is a PHP bug, because it is strange that PHP, which works so transparently with the operand types, shuts down on such simple confusion.

However to avoid confusion of the users I would mention this is not a critical bug and even knowing direct path to the scripts on the server means nothing until you have access to this path (and I suppose only folder's owner can have such access, else we could call it an insecure hosting).
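
Added example, not part of the original thread and not miniBB's actual fix: one way to address both points raised in post #4, by reading integer parameters through a single helper that never applies arithmetic to an array, and by keeping error text out of responses. The helper name `int_param()` and the sample query are assumptions made for illustration; the type declarations need PHP 7 or later.

```php
<?php
// Added example: int_param() is a hypothetical helper, not a miniBB function.

// Error messages contain the script's full filesystem path, so send them to
// the server log instead of the HTTP response.
// php.ini equivalents: display_errors = Off, log_errors = On
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return an integer request parameter, or $default when the parameter is
 * missing, was sent in array form (name[]=...), or is not a clean integer
 * inside [$min, $max]. No arithmetic is ever applied to the raw value, so
 * the "Unsupported operand types" fatal error cannot be triggered here.
 */
function int_param(array $source, string $name, int $default = 0,
                   int $min = 0, int $max = PHP_INT_MAX): int
{
    if (!isset($source[$name]) || !is_scalar($source[$name])) {
        return $default;
    }
    $value = filter_var(
        $source[$name],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    return $value === false ? $default : $value;
}

// Constructed sample input: the array PHP builds for a query string such as
// ?action=vthread&forum=3&topic[]&page=2abc
$query = [
    'action' => 'vthread',
    'forum'  => '3',     // well-formed integer string
    'topic'  => [''],    // array form, as in the reports above
    'page'   => '2abc',  // scalar, but not an integer
];

$forum = int_param($query, 'forum');            // accepted as an int
$topic = int_param($query, 'topic');            // array rejected, default used
$page  = int_param($query, 'page', 1, 1, 9999); // invalid value, default used

var_dump($forum, $topic, $page);
```

In a real script `$_GET` or `$_POST` would be passed in place of `$query`, and every integer parameter would go through the same helper instead of being cast in each file.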
Author Paul
CEO
#5 | Posted: 19 Feb 2008 09:54 | Edited by: Paul
This bug was hopefully fixed in miniBB 2.2. All official add-ons were updated as well.