| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Jun 2012 03:47:44 +0100 From: coptang <coptang@...il.com> To: Henri Salo <henri@...v.fi>, bugtraq@...urityfocus.com, Amir@...st.ir Subject: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy On 22 June 2012 07:58, Henri Salo <henri@...v.fi> wrote: >> ######################################################################################### >> # >> # Expl0iTs : >> # >> # [TarGeT]/Patch/announcements.php?aid=1[Sql] >> # >> # >> ######################################################################################### > > Could not reproduce. Could you give working PoC? > > - Henri Salo Agreed, untested but this looks sanitised well enough to me: Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest $aid = intval($mybb->input['aid']); Can't see where in the page it's used unsanitised
Powered by blists - more mailing lists