A recently discovered security issue may allow SQL injection. It happens because the $cook variable in bb_cookie.php is not verified.
The issue is exploitable (as usual) if the PHP setting register_globals is set to ON and, additionally, magic_quotes_gpc is set to OFF.
The quick fix is to add the 'cook' value to the $unset array, which appears at the very top of the index.php and bb_admin.php files. For example, if you have
$unset=array('logged_admin','isMod',........);
add the 'cook' value to the end, separated by a comma:
$unset=array('logged_admin','isMod',........, 'cook');
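To confirm the quick fix is in place, the following added example (not part of the original advisory or of the forum's own code) reads index.php and bb_admin.php and reports whether 'cook' is listed in the $unset array. The function names and sample strings are constructed for illustration; assignments behind // or # line comments are ignored, and /* */ blocks are not handled.

```python
import re
import sys
from pathlib import Path

# The two files the advisory says define $unset at the very top.
TARGET_FILES = ("index.php", "bb_admin.php")
# $unset = array( ... );  PHP variable names are case-sensitive, "array" is not.
UNSET_RE = re.compile(r"\$unset\s*=\s*(?i:array)\s*\((.*?)\)\s*;", re.S)
# One single- or double-quoted string literal inside the array body.
STRING_RE = re.compile(r"'([^']*)'|\"([^\"]*)\"")
# Constructed samples (not real forum source): before and after the quick fix.
SAMPLE_BEFORE = "<?php\n$unset=array('logged_admin','isMod');\n"
SAMPLE_AFTER = "<?php\n$unset=array('logged_admin','isMod', 'cook');\n"

def unset_names(php_source):
    """Return names in the first live $unset array, or None if there is none."""
    for m in UNSET_RE.finditer(php_source):
        line_start = php_source.rfind("\n", 0, m.start()) + 1
        prefix = php_source[line_start:m.start()]
        if "//" in prefix or "#" in prefix:
            continue  # behind a line comment, so PHP never executes it
        return [a or b for a, b in STRING_RE.findall(m.group(1))]
    return None

def check_source(php_source, required="cook"):
    """Classify one file's source: 'patched', 'missing' or 'no-unset-array'."""
    names = unset_names(php_source)
    if names is None:
        return "no-unset-array"
    # Exact match on purpose: 'Cook' would not clear $cook.
    return "patched" if required in names else "missing"

def check_install(root):
    """Check both files under a forum directory; returns {filename: status}."""
    results = {}
    for name in TARGET_FILES:
        path = Path(root) / name
        if path.is_file():
            results[name] = check_source(path.read_text(errors="replace"))
        else:
            results[name] = "file-not-found"
    return results

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for fname, status in check_install(root).items():
        print(f"{fname}: {status}")
```

Run it with the forum directory as the only argument; any status other than "patched" for either file means that file still needs the edit.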
Credit goes to Mr. Stefan Esser, who kindly discussed this issue privately with us without reporting it to the public. Thank you.