BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
MyBB 1.0 SQL injection in uploading file Dec 31 2005 09:55AM
addmimistrator gmail com
Hey
there is a security bug in inc/function_upload.php script in mybb all version (except two days ago security updated version) that allows SQL INJECTION
this bug is in function of upload attachment .
when a file goes to upload this function test that if file has a valid extension . for this call g...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus