(UTC)
 Choose Language:
  BoardMod MirrorYaBB & BoardModNews › Security Update for YaBB 2.1
Previous Topic | Next Topic
Page Index Toggle Pages: 1 Send TopicPrint
Normal Topic Security Update for YaBB 2.1 (Read 16303 times)
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Security Update for YaBB 2.1
Jun 13th, 2007 at 6:31pm
Print Post  
This is from yabbforum.com:

Quote:
A vulnerability has been found in YaBB 2.1 Forum Software that allows members to enter specific text into some profile form fields to gain administrator access to the forum.  Administrator rights grants the member access to the forum controls.

This fix is not included in the YaBB 2.1 Forum Software download at this time.  It must be applied to all new forum installations.


Download the patch here!

The patch can be installed using boardmod or manually by using a text editor. If you need more information on how to use boardmod or to install the mod manually, proceed here.
  
The Administrator.
Back to top
WWW  
IP Logged
 
tonysab
New Member
*
Offline


I love YaBB 1G - SP1!

Posts: 5
Joined: Sep 7th, 2002
Re: Security Update for YaBB 2.1
Reply #1 - Jul 3rd, 2007 at 2:59pm
Print Post  
Thanks for this. I am changing this manually. For the first change -

<edit file>
Sources/Profile.pl
</edit file>

<search for>
           &ToChars($member{'name'});
</search for>

<add after>
           &ToHTML($member{'location'});
           &ToHTML($member{'bday'});
           &ToHTML($member{'sesquest'});
</add after>

I can find 2 instances of the search for text. Do I change both or just one? Admittedly only one has it in the same column as that specified.
Thanks.
  
Back to top
 
IP Logged
 
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Re: Security Update for YaBB 2.1
Reply #2 - Jul 3rd, 2007 at 7:55pm
Print Post  
Just change the instance that exactly matches.
  
The Administrator.
Back to top
WWW  
IP Logged
 
brasscannon
New Member
*
Offline



Posts: 1
Joined: Sep 15th, 2007
Re: Security Update for YaBB 2.1
Reply #3 - Sep 15th, 2007 at 10:19pm
Print Post  
Sorry, but I downloaded boardmod 2.5.5 (the Linux tar.gz) and it DOES NOT appear to have support for Yabb 2.1 at all.

I was able to apply the security mod by hand, but what's the story?
  
Back to top
 
IP Logged
 
Outumuro
God Member
*****
Offline


Publisher - YaBB Toolbar

Posts: 569
Location: Los Angeles
Joined: Apr 14th, 2004
Gender: Male
Re: Security Update for YaBB 2.1
Reply #4 - Sep 16th, 2007 at 11:55pm
Print Post  
http://www.boardmod.org/yabb/YaBB.pl?board=troubleshooting;action=display;num=11...
  

Back to top
WWW  
IP Logged
 
batchman
Global Moderator
*****
Offline


What's up?!

Posts: 1280
Location: Orlando
Joined: Apr 28th, 2002
Gender: Male
Re: Security Update for YaBB 2.1
Reply #5 - Nov 3rd, 2007 at 5:50pm
Print Post  
This security update and the Admin Centre Update mod won't play together.

For those of us who are programming-challenged, is there anybody who is willing to adapt one or the other so they'll get along?

(I'll ask in its topic, as well.)
  
Improving my forum, one mod at a time!


Now up and running again, with an accurate link.
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Send TopicPrint
Previous Topic | Next Topic
 
  « Board Index ‹ Board Top  

BoardMod Mirror » Powered by YaBB 2.6.12!
YaBB Forum Software © 2000-2024. All Rights Reserved.

Valid RSS Valid XHTML Valid CSS Powered by Perl Source Forge