
How to Fix MyBB 1.6.12/1.6.13 SQL Injection

TheDerpKing


Vulnerability - "search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order="

Edit search.php and find this line:

    $sid = $db->escape_string($mybb->input['sid']);

Change this line to:

    // sid can arrive as an array (sid[0]=...); flatten it to a string before escaping
    if(is_array($mybb->input['sid']))
    {
        $sid = $db->escape_string(implode($mybb->input['sid']));
    }
    else
    {
        $sid = $db->escape_string($mybb->input['sid']);
    }

Note: I don't take credit for finding or patching this.
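Added example, not part of the original post and not MyBB's own code: a standalone PHP sketch of the type handling the patch performs, next to a stricter check that rejects anything that is not a plain string. The helper names `patched_sid` and `strict_sid` are hypothetical, and the 32-hex-character sid format is an assumption based on the value in the URL above.

```php
<?php
// Added example, not MyBB code. Both helpers are hypothetical names.

// Mirrors the patch's type handling: flatten an array-typed parameter to a string.
// In search.php the result would still be passed through $db->escape_string().
function patched_sid($raw): string
{
    if (is_array($raw)) {
        // With a nested array, implode() raises "Array to string conversion"
        // and yields the literal text "Array"; the warning is suppressed here.
        return @implode($raw);
    }
    return (string) $raw;
}

// Stricter variant: accept only a string in the assumed sid format.
function strict_sid($raw): ?string
{
    if (!is_string($raw)) {
        return null; // sid[0]=... and sid[0][x]=... are rejected outright
    }
    // Assumption: a search sid is exactly 32 lowercase hex characters.
    return preg_match('/\A[a-f0-9]{32}\z/', $raw) === 1 ? $raw : null;
}

// Constructed inputs, shaped the way PHP parses sid=..., sid[0]=..., sid[0][x]=...
// The hex value is the one shown in the URL in the post.
$samples = [
    'plain string' => '9afaea732cb32f06fa34b1888bd237e2',
    'sid[0]=...'   => ['9afaea732cb32f06fa34b1888bd237e2'],
    'nested array' => [['x' => 'y']],
    'wrong format' => 'not-a-sid',
];

foreach ($samples as $label => $raw) {
    printf("%-13s patched=%-36s strict=%s\n",
        $label,
        var_export(patched_sid($raw), true),
        var_export(strict_sid($raw), true));
}
```

Run with the PHP CLI. The nested-array row shows that the patched form turns unexpected input into the string `Array` rather than rejecting it, which is the case the stricter check handles.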
 