[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

To: Henri Salo <henri@xxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, Amir@xxxxxxxx
Subject: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
From: coptang <coptang@xxxxxxxxx>
Date: Sat, 23 Jun 2012 03:47:44 +0100

On 22 June 2012 07:58, Henri Salo <henri@xxxxxxx> wrote:
>> #########################################################################################
>> #
>> # Expl0iTs :
>> #
>> # [TarGeT]/Patch/announcements.php?aid=1[Sql]
>> #
>> #
>> #########################################################################################
>
> Could not reproduce. Could you give working PoC?
>
> - Henri Salo

Agreed, untested but this looks sanitised well enough to me:

Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest

$aid = intval($mybb->input['aid']);

Can't see where in the page it's used unsanitised

References:
- Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
  - From: Amir
- Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
  - From: Henri Salo

Prev by Date: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
Next by Date: [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution
Previous by thread: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
Next by thread: Re: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
Index(es):
- Date
- Thread