miniBB version 2.1c released

Recently discovered security issue may bring the SQL injection, it all happens because the $cook variable in bb_cookie.php is not verified.

It all will work (as usually) if PHP setting register_globals is set to ON, additionally magic_quotes_gpc set to OFF.

Quick fix is to add 'cook' value to the $unset array which appears at the very top of index.php and bb_admin.php files. For example if you have

$unset=array('logged_admin','isMod',........);

add to the end 'cook' value separating it by comma.

$unset=array('logged_admin','isMod',........, 'cook');

Credit goes to mr. Stefan Esser who kindly discussed this issue privately with us not reporting it to public. Thank you.

	miniBB Community Forum / News & Announcements /	Short link for this topic:
miniBB version 2.1c released - security fix

	Paul CEO	#1 \| Posted: 29 Nov 2007 06:29
Recently discovered security issue may bring the SQL injection, it all happens because the $cook variable in bb_cookie.php is not verified. It all will work (as usually) if PHP setting register_globals is set to ON, additionally magic_quotes_gpc set to OFF. Quick fix is to add 'cook' value to the $unset array which appears at the very top of index.php and bb_admin.php files. For example if you have $unset=array('logged_admin','isMod',........); add to the end 'cook' value separating it by comma. $unset=array('logged_admin','isMod',........, 'cook'); Credit goes to mr. Stefan Esser who kindly discussed this issue privately with us not reporting it to public. Thank you.

miniBB version 2.1c released - security fix