miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  
 

miniBB version 2.1c released - security fix

 
Author Paul
Lead Developer 
#1 | Posted: 29 Nov 2007 06:29 
Recently discovered security issue may bring the SQL injection, it all happens because the $cook variable in bb_cookie.php is not verified.

It all will work (as usually) if PHP setting register_globals is set to ON, additionally magic_quotes_gpc set to OFF.

Quick fix is to add 'cook' value to the $unset array which appears at the very top of index.php and bb_admin.php files. For example if you have

$unset=array('logged_admin','isMod',........);

add to the end 'cook' value separating it by comma.

$unset=array('logged_admin','isMod',........, 'cook');

Credit goes to mr. Stefan Esser who kindly discussed this issue privately with us not reporting it to public. Thank you.

News miniBB Support Forums / News /
 miniBB version 2.1c released - security fix
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Get the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑