Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerability

Board: Bugtraq, posted 13 years ago (2012/06/27 02:01)
On 22 June 2012 07:58, Henri Salo <henri@nerv.fi> wrote:

>> #########################################################################################
>> #
>> # Expl0iTs :
>> #
>> # [TarGeT]/Patch/announcements.php?aid=1[Sql]
>> #
>> #
>> #########################################################################################
>
> Could not reproduce. Could you give a working PoC?
>
> - Henri Salo

Agreed, untested, but this looks sanitised well enough to me:

Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest

    $aid = intval($mybb->input['aid']);

Can't see where in the page it's used unsanitised.
Article code (AID): #1FwVZVFq (Bugtraq)
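An added example, not part of the original post and not MyBB's own code, showing what the intval() cast quoted above does to the kind of value the advisory's URL would carry. The table name, column name and query shape are assumptions for illustration, not MyBB's actual announcements.php query; the payload strings are constructed.

```php
<?php
// Added example (not MyBB code). Demonstrates why a parameter that is
// reduced to an integer with intval() cannot carry SQL syntax into a query.
// The query shape and table name below are assumptions, not MyBB's real query.

// Constructed attacker-style values for the aid parameter.
const PAYLOADS = [
    "1",
    "1' OR '1'='1",
    "1 UNION SELECT username, password FROM mybb_users-- -",
    "-1",
    "0x1F",
    "1e3",   // intval() gives 1000 on PHP >= 7.1, 1 on older versions
    "abc",
];

/**
 * Query built the way the advisory implies (raw interpolation, no cast):
 * any SQL syntax in $aid survives into the statement.
 */
function build_unsafe_query(string $aid): string
{
    return "SELECT * FROM announcements WHERE aid='" . $aid . "'";
}

/**
 * Query built the way MyBB 1.6.8 handles it: intval() turns the input
 * into a signed integer first, so only digits (and a leading minus) remain.
 */
function build_safe_query(string $aid): string
{
    $aid = intval($aid);
    return "SELECT * FROM announcements WHERE aid='" . $aid . "'";
}

/**
 * Returns the integer each payload is reduced to, so the effect of the
 * cast can be inspected without looking at the query text.
 */
function cast_payloads(array $payloads): array
{
    $out = [];
    foreach ($payloads as $p) {
        $out[$p] = intval($p);
    }
    return $out;
}

foreach (PAYLOADS as $p) {
    printf("input:  %s\n", $p);
    printf("unsafe: %s\n", build_unsafe_query($p));
    printf("safe:   %s\n\n", build_safe_query($p));
}
```

Running this with `php example.php` shows every injection-style payload collapsing to 1 (or 0 for non-numeric input) in the "safe" line, which is the reason the `aid=1[Sql]` URL in the advisory does not reproduce against a build that applies intval() before the query. The check a practitioner would actually run is to grep announcements.php for every use of `$aid` and confirm each one is the cast value rather than `$mybb->input['aid']`.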