15 years on The Web
miniBB ® miniBB®
miniBB Support Forums
 | Forums | Register | Reply | Search | Statistics | Manual |
News & Announcements miniBB Support Forums / News & Announcements /   

miniBB version 2.1c released - security fix

Author Paul
Lead Developer
#1 | Posted: 29 Nov 2007 06:29 
Recently discovered security issue may bring the SQL injection, it all happens because the $cook variable in bb_cookie.php is not verified.

It all will work (as usually) if PHP setting register_globals is set to ON, additionally magic_quotes_gpc set to OFF.

Quick fix is to add 'cook' value to the $unset array which appears at the very top of index.php and bb_admin.php files. For example if you have

$unset=array('logged_admin','isMod',........);

add to the end 'cook' value separating it by comma.

$unset=array('logged_admin','isMod',........, 'cook');

Credit goes to mr. Stefan Esser who kindly discussed this issue privately with us not reporting it to public. Thank you.

News & Announcements miniBB Support Forums / News & Announcements / miniBB version 2.1c released - security fix Top

Your Reply Click this icon to move up to the quoted message

 Short link for this topic:

 ?
You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
Captcha Addon for miniBB