miniBB Support Forums | 15 years on The Web
miniBB ®

miniBB

®
 
 | Forums | Register | Reply | Search | Statistics | Manual |
Bugs miniBB Support Forums / Bugs /   
 

if isMod and enableGroupMsgDelete SQL Injection Vulnerability

 
Author kazim09
Partaker
#1 | Posted: 26 Jun 2007 03:36 
hi all.
file: bb_func_delmsg.php
code:
if(isset($enableGroupMsgDelete) and isset($_POST['deleteAll']) and is_array($_POST['deleteAll']) and sizeof($_POST['deleteAll'])>0) {
$deleteAll=$_POST['deleteAll'];


example:
<input type="checkbox" name="deleteAll[]" value="4444' [SQL] /*" />

Author Paul
Lead Developer
#2 | Posted: 26 Jun 2007 04:18 | Edited by: Paul 
Thanks for reporting, but... this time it seems this hack will not work for regular users at all ;-)

"isMod" variable is unset at the very beginning of index.php. So whatever you send externally, it will be set in the script itself anyway.

So you need to be logged in as moderator or admin to execute this "hack" which seems an absurd.

I have fixed this in the script anyway and released a small fix under the version 2.0.5b. Thank you.

Bugs miniBB Support Forums / Bugs /
 if isMod and enableGroupMsgDelete SQL Injection Vulnerability
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


 ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message text.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

 
 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Try the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
↑ TOP