miniBB ® miniBB®
miniBB Support Forums
 | Forums | Register | Reply | Search | Statistics | Manual |
The Other miniBB Support Forums / The Other /   

SQL & XSS injections

Author Thew
Registered
#1 | Posted: 1 Dec 2010 11:48 
Hey

I have heard that MiniBB is vunerable for SQL and XSS injections? When are they gonna remove those injections? Please ASAP? Everyone using miniBB's website is in great danger!

Please remove them, because beside that, miniBB is great forum software!

Author tom322
Registered
#2 | Posted: 1 Dec 2010 13:17 
Come down, any knows problems are fixed in miniBB 2.5a. Unless you know something that others don't know..?

Author Paul
Lead Developer
#3 | Posted: 2 Dec 2010 03:32 | Edited by: Paul 
"I have heard" is not the fact. Give us some facts or exact URLs, may be there is something we don't know about.

We fix XSS and SQL injection issues as soon as they come up. What you may read / browse on Internet, could be outdated. If you are reading news or text regarding this, pay attention to the publishing date. Some news are marked 2008, 2006 or even 2004. Of course, we have fixed all those issues long time ago for the recent release.

Keep on.

BTW any website using open source software, is in danger. All websites using Wordpress are in danger. All forums using phpBB or vBulletin are in danger. Come on, you life is in danger every second. Be serious about such complaints.

Author Thew
Registered
#4 | Posted: 2 Dec 2010 07:36 
Google;
exploit-db[dot]com/exploits/15415/
secgeeks[dot]com/minibb_sql_injection.html
juniper[dot]net/security/auto/vulnerabilities/vuln28930.html

And they're talking about the newest version: 2.5!

Author tom322
Registered
#5 | Posted: 2 Dec 2010 09:03 
Thew:
the newest version: 2.5!

Version 2.5 is a history. The latest version is 2.5a which fixed them all.

Author Paul
Lead Developer
#6 | Posted: 3 Dec 2010 03:37 
The first one was fixed in 2.5.

The second one refers to November 4th, 2007 where it was posted (now we have 2010 ending) - and again, I am not sure what this guy is writing about. No proofs of contest available - the same way you may write about any software.

The third one refers to miniBB 2.2, the version from 2008.

You don't have to doubt that everything you can find on Internet, is already fixed in miniBB, or if it's a "fresh" issue, it's going to be fixed in a business day term.

The Other miniBB Support Forums / The Other / SQL & XSS injections Top

Your Reply Click this icon to move up to the quoted message

 Short link for this topic:

 ?
Only registered users are allowed to post here. Please, enter your username/password details upon posting a message, or register first.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
Get the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
Captcha Addon for miniBB